CWRU Begins Using Passphrases on June 15

On June 15, CWRU will change user login requirements to promote stronger security and improved usability. This change will require users to convert passwords associated with their network ID (abc123) to passphrases. Passphrases are an improvement over passwords, because they are more difficult to brute-force guess while also remaining easy to remember.

What’s happening?

  • The minimum required character length increases from eight characters to 12.
  • Passphrases can contain words and spaces (e.g. "correct horse battery staple").
  • Complexity of a passphrase will be calculated by a meter while the user creates it.
  • To ensure strong passphrases, minimum complexity is required, indicated by a "green" score on the passphrase meter.
  • Users enrolled in CWRU Duo Security two-factor authentication system will no longer need to change their login passphrases annually.

When is this happening?

  • This passphrase change will be implemented on June 15.
  • All passwords must be converted to passphrases by December 31.
  • Users can convert to passphrases anytime during this time window.

How does this affect me?

  • Anytime CWRU account credentials need to be changed, they will be required to meet the updated passphrase criteria.
  • All users, faculty, staff, students, alumni and affiliate users are affected.

What should I do?

Other recommendations

  • Passphrases should be long enough to be difficult to guess and unique to you.
  • A passphrase cannot contain your name or network ID.
  • The passphrase should be hard to guess by intuition, even by someone who knows the user well.
  • It also should be easy to remember and type accurately.
  • The passphrase a user selects must not be reused between sites, applications, systems and other different sources.