An Ohio State login screen. Credit: Daniel Bush | Campus Photo Editor
The 180-day password change is being removed for Ohio State users as the Office of Technology and Digital Innovation announced the switch from passwords to passphrases.
Rob Lowden, vice president of Ohio State and chief information officer, announced the change in a university-wide email on Oct. 9.
“We know strong security is a shared responsibility, and this new standard strikes the right balance between safety and simplicity,” Lowden said in the email.
In a press release, Technology and Digital Innovation said that as part of cyber security month, the office wants to strengthen overall security and remove the burden of frequent password changes. The next prompt to update a password will be the last.
As of Oct. 9, unique and strong passphrases are enacted, rather than password changes.
Passphrases function like passwords, consisting of a longer sequence of words and characters, making the login harder for attackers to guess but easier for users to remember, according to the press release. The passphrases will also be paired with multi-factor authentication, Duo Mobile.
Digital Innovation’s website offers advice to users on how to choose the best passphrase, recommending that users create a sequence of words or a sentence using a combination of letters, numbers and special characters.
Following the guidelines set by the office for creating a passphrase, there should be 15 characters or more, and a mix of upper- and lower-case letters, numbers and special characters that form a phrase or sentence that is easy for the user to remember. The department emphasizes not using common terms, birthdays or personal information, and making sure users don’t use the same password for other logins.
An easy way for users to create unique passphrases is to use services like Google’s Password Manager, Apple’s iCloud Keychain or Microsoft’s Authenticator App, according to the press release. They assist in creating, saving and offering easy fill-in options during user login.
Users will not need to change their passwords unless Digital Security and Trust — Ohio State’s data security program — finds out someone from outside the university has cracked the passphrases or the phrase shows up in a data breach.
