Strengthening Security: New Passphrase Standards Coming in January
December 6, 2024
The Office of Information Technology’s Information Security and Assurance team is working on updating and improving their body of IT Security Standards. These standards align with BOR Policy 02.07 and are part of ongoing efforts to strengthen our institution’s cybersecurity.
What’s Changing?
Starting in January, ELMO will require a new minimum password length of 16 characters - twice the length of the current minimum of eight characters. These longer passwords, called “passphrases,” have the following benefits:
- Greater Security: Passphrases are significantly more resilient against brute force attacks, rainbow tables, and dictionary attacks.
- Less Frequent Changes: Passphrases will remain valid for 730 days (two years), compared to the current 400 days.
- Easier for Humans to Remember: Passphrases should be unique and random, but memorable to you. Consider three to four words that mean something to you but aren’t related to each other; you have a passphrase!
Why Passphrases?
Cybersecurity threats evolve constantly, and passphrase-based security is a simple,
user-friendly way to help protect sensitive data. This approach is already widely
recognized as providing enhanced security compared to traditional passwords.
What to Expect
If you change your password before the effective date in January, your current password will remain valid under the
old password policy until it expires. You are welcome to use passphrases at any time!
Learn More
The language in the standard is fairly technical, so we have provided this short overview for a clear explanation of the “what,” “why” and “how” behind this security measure.
Do you have questions about this, or other standards? We welcome your feedback. Please email the Standard Contact at ua-ciso@alaska.edu.