Creating Strong Passphrases

Owned by Shelley Finerty (Deactivated)
Last updated: Dec 14, 2022 by Douglas 2brownVersion comment
5 min read

What is a Passphrase?

passphrase is another word for a password however it encourages a sequence of words or other text rather then a single word to control access to a computer system, program or data. A passphrase is similar to a password in usage, but is generally longer for added security.  The passphrase at Royal Roads can also contain spaces, numbers and special characters.


Activating an Academic Account?

https://royalroads.atlassian.net/wiki/display/ITKNOW/Passphrase+Requirements

Why do you need a strong passphrase?

Passwords have fallen out of favour in the tech sector because they either just aren't secure enough, or when we make them secure, they’re often hard to remember, confusing and/or difficult to type. Passphrases are easier to remember, easier to type and much stronger and more difficult for cyber attackers to break. Because of this, Royal Roads is transitioning from passwords to passphrases.

Your passphrase are the keys you use to unlock your computer and online accounts. The stronger the passphrase, the better the security against intrusion by hackers and thieves, who could use your information to access files, corporate applications like Agresso/SSIS/EMS, or even schedule appointments disguised as you — and you wouldn't know it until it was too late.

It isn't hard to create strong passphrases. With a small amount of effort on your part and some tricks provided in this article, you can help improve the security of your Royal Roads corporate and personal information.

A good, strong passphrase should meet all three of these criteria:

  1. A minimum of 12 characters in length. Short passphrases are easier to crack than long passphrases.
  2. Ideally combines letters with a number or symbol thrown in, but:
    • Not sequential or repeating combinations, such as 12345678, 222222, abcdefg, or adjacent letters on your keyboard.
    • Not common words with letters replaced by numbers or symbols, such as M1cr0$0ft or P@ssw0rd. Unfortunately, hackers know these tricks.
  3. Easy for you to remember, but difficult for others to guess, and:
    • Not your login name, your spouse's name, or your birthday.
    • Not hard-to-remember. Random combinations of letters, numbers, and symbols that must be written down to be remembered, can be misplaced, or found by others and used.

Create a strong, memorable passphrase in 2 steps:

The problem is the bad guys have developed sophisticated programs that can guess, or “brute force,” your passwords, and they are constantly getting better at it. This means they can steal your passwords if they are weak or easy to guess. The recent iCloud “attack” where several celebrities had their photos accessed, copied and distributed on the Internet is a good example of this. Never use common information for your passphrases, such as your birth date, your pet’s name, spouse or children’s names or anything else that can be easily determined from your social networking posts or Google – it’s the quickest way to be in the same situation as a Hollywood starlet.

Step 1 - Think of a phrase 

For example....   ham and pineapple pizza

Step 2 - Add capitals, symbols or numbers

You can make your passphrase even stronger by adding symbols, capital letters or numbers, such as those you see in the example below. Now ham and pineapple pizza becomes Ham and p1neapple P1zza!.  

Notice how this example uses a capital letter. You can also replace letters with numbers or symbols, such as replacing the letter ‘i’ with the number “1” and the letter ‘o’ with the number zero, or use common punctuation marks such as a question mark, period or even spaces. 

You are done.

Keeping your passphrases secret:

Treat your passphrases seriously.

  1. The passphrase you use for your Royal Roads account MUST only be used at Royal Roads. DO NOT use this passphrase for any other account. 
  2. Do not use the same passphrases for multiple accounts. Get into the habit of creating a new, strong passphrase for each account or website you use.
  3. Don't give them out to friends or family members (especially children) who could pass them on to other less trustworthy individuals.
  4. Don't store written passphrases in your desk. If found, such a note, created for your convenience, can provide easy access to your computer for burglars.
  5. Never provide your passphrase over e-mail even if a trusted company or individual requests it. Internet phishing scams might use fraudulent e-mail to entice you into revealing your user names and passphrases so criminals can access your accounts, steal your identity, and more.
  6. RRU will never ask you for your passphrase? No one in Royal Roads will ever contact you and ask you for your passphrase. It is easier for us to reset it then to request it from you. If you are ever concerned that an email from us might be fraudulent, then contact us by phone and we would be pleased to discuss it with you. Better safe then sorry.

Other passphrase Tips:

  • Change passphrases regularly. Ideally, you should create new, strong passphrases for your accounts every few months. This can help keep hackers off balance if they're monitoring a Web site that you visit frequently.
  • Use a passphrase tool that can store your usernames and passphrases in a encrypted file.  There are many free and inexpensive apps for your phone of computer that can be used to store the myriad of passphrases you have.  Just make sure the program stores the passphrases in a secure, encrypted file and that the passphrase to get into this file has a strong passphrase as well.  Also make sure that the app does not store the information anywhere else.  The app should not transmit your stored passphrase anywhere.
  • Don't enable the Save password Option. If you receive a dialog box asking if you would like the computer to remember the password, choose No. This option lets anyone who can accesses your computer profile also all websites that have these pre-saved passphrases.

Some Issues with when setting an RRU passphrase

Some issues reported by other students:

  • 16 digit passphrases seem to give an error, so if your new passphrase is exactly 16 characters and not working, trying adding an extra character or change it to something shorter
  • Passwords with all numbers gave a student some difficulties
  • Too long (more then 25 characters) can also be problematic
  • If it constantly tells you the "confirm password" is wrong and you are using Safari, try a different browser like Chrome or Firefox instead.

Changing your Royal Roads Passphrase:


For more ideas:

http://www.microsoft.com/protect/yourself/password/create.mspx
http://en.wikipedia.org/wiki/Password_strength

Get Help

Still need help?

Submit a request.

How to Contact the Computer Services Department

Submit a ticket
To submit a ticket, you will be required to log in using your FULL Royal Roads email address (detailed instructions here)
New! If you do not have a full RRU email address (students not currently in a credit program and/or visitors), you can create a portal account using your personal email address.
Phone: 250-391-2659 Toll Free: 1-866-808-5429
Come visit us in the Sequoia Building
Hours of Operation