Privileged Account and Credential Management: Part 2

Changing Passphrases Regularly

If you have a quality credential management and strong identity and access management strategy, and you are able to abide by NIST Digital Identity Guidelines, you may be able to get away with not changing passphrases regularly. However, we recommend that you change all passphrases for all accounts at least annually.

In many of the recent social media breaches, it was discovered that a large number of people are still using easily guessed passwords. Would your password withstand 100 guesses from a hacker?

Effective passphrase management strategies will require you to change some of your behaviors.

General Passphrase Protection Strategies:

Randomness: Do not use words found in the dictionary. Even swapping numbers for letters is unlikely to defeat dictionary attacks. Use passphrases instead of passwords.

Passphrase length and character use: Use a combination of lowercase letters, capital letters, numbers and special characters.

  • Having a strong personal association with the passphrase makes it easier to memorize.
  • Your passphrases do not necessarily need to be memorized, but if you store them somewhere, try not to record what each passphrase is for, or use a passphrase manager.
  • If this is too difficult and you have more than 4-8 accounts, you will need some way of recording and securing these unique passphrases. Options include both digital and paper records:

Always use unique passphrases and never reuse them across any of your accounts.

Passphrases by personal association.

  • Remember, it is important that the strategy is unique and known only to you. As soon as you reveal or share your strategy, it becomes less effective.

Stanford University created a great Quick Guide that speaks to the use of different characters and passphrase length. In general, the guidance is that the longer the passphrase, the less need there is to use different characters or numbers.
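As an added example (not from the original page, UVic, or the Stanford guide), here is a small Python checker that applies the two points above: a length-tiered character-class rule, where the specific tiers are an assumption made for illustration rather than taken from the Stanford guide, and the warning in the Randomness item that a dictionary word with digits or symbols swapped in is still a dictionary word. The word list is a constructed sample.

```python
import re

# Constructed sample word list; a real check would load a full dictionary.
DICTIONARY = {"password", "welcome", "victoria", "summer", "letmein"}

# Common digit/symbol-for-letter swaps, undone before the dictionary lookup.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})

# Assumed length tiers (not from the page): the longer the passphrase, the
# fewer character classes it must mix. Entries: (minimum length, classes needed).
TIERS = [(20, 0), (16, 2), (12, 3), (8, 4)]


def char_classes(pw: str) -> int:
    """Count how many of lower, upper, digit, symbol appear in the passphrase."""
    patterns = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    return sum(1 for p in patterns if re.search(p, pw))


def looks_like_dictionary_word(pw: str) -> bool:
    """True if, after undoing leet swaps and trimming non-letters from the
    ends, the passphrase is a single word from the list."""
    core = pw.translate(LEET).lower()
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", core)
    return core in DICTIONARY


def check_passphrase(pw: str) -> list[str]:
    """Return the policy problems found; an empty list means it passes."""
    problems = []
    if len(pw) < 8:
        problems.append("too short (minimum 8 characters)")
    else:
        # TIERS is ordered longest-first; the (8, 4) entry always matches.
        required = next(need for min_len, need in TIERS if len(pw) >= min_len)
        have = char_classes(pw)
        if have < required:
            problems.append(f"{len(pw)}-character passphrase needs "
                            f"{required} character classes, has {have}")
    if looks_like_dictionary_word(pw):
        problems.append("a dictionary word with substitutions is still "
                        "a dictionary word")
    return problems


if __name__ == "__main__":
    for candidate in ["P@ssw0rd!", "Victoria!", "correct horse battery staple"]:
        print(candidate, "->", check_passphrase(candidate) or "ok")
```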

Make sure you are not using your work email and passphrase for any non-UVic service. Always use different passphrases for all services (work, personal, financial, and public).