Strengthening Security: New Passphrase Standards Coming in January
December 6, 2024
The Office of Information Technology鈥檚 Information Security and Assurance team is working on updating and improving their body of IT Security Standards. These standards align with BOR Policy 02.07 and are part of ongoing efforts to strengthen our institution鈥檚 cybersecurity.
What鈥檚 Changing?
Starting in January, ELMO will require a new minimum password length of 16 characters - twice the length of the current minimum of eight characters. These longer passwords, called 鈥減assphrases,鈥 have the following benefits:
- Greater Security: Passphrases are significantly more resilient against , , and .
- Less Frequent Changes: Passphrases will remain valid for 730 days (two years), compared to the current 400 days.
- Easier for Humans to Remember: Passphrases should be unique and random, but memorable to you. Consider three to four words that mean something to you but aren鈥檛 related to each other; you have a passphrase!
Why Passphrases?
Cybersecurity threats evolve constantly, and passphrase-based security is a simple,
user-friendly way to help protect sensitive data. This approach is already widely
recognized as providing enhanced security compared to traditional passwords.
What to Expect
If you change your password before the effective date in January, your current password will remain valid under the
old password policy until it expires. You are welcome to use passphrases at any time!
Learn More
The language in the standard is fairly technical, so we have provided this short overview for a clear explanation of the 鈥渨hat,鈥 鈥渨hy鈥 and 鈥渉ow鈥 behind this security measure.
Do you have questions about this, or other standards? We welcome your feedback. Please email the Standard Contact at ua-ciso@alaska.edu.