USC Chief Information Security Officer Gus Anagnos sent an email to the USC community Wednesday informing students that they will need to create a new passphrase the when they change their USC NetID passwords starting Nov. 30.
The NetID password is the credential used to access several online tools including MyUSC, Blackboard, Google Apps at USC and the secure wireless network. The change affects anyone with access to the USC NetID system, particularly students, faculty and staff.
The security change has been discussed, developed and pilot tested over the past 18 months, according to Anagnos.
“This change is part of the University’s ongoing efforts to protect your USC accounts and university systems from hacking attempts,” the email read.
Anagnos said passphrases enhance user experience by making login credentials easier to remember and fostering a standardized password policy across multiple systems.
Passphrases typically comprise a phrase, sentence or series of words and are less restrictive in character requirements, Anagnos said. Students will no longer have to include a combination of capital and lowercase letters or letters and numbers. Passphrases are required to be 16 to 64 characters long.
“There’s research out there saying that passphrases are more secure than the passwords of the past,” Anagnos said. “Passphrases are the modern way to do it.”
However, there are two new restrictions on the passphrase: It may not include the user’s USC NetID username and may not reuse their USC NetID password or phrase.
So far, the change has garnered mixed reactions. Anagnos said he has received emails from people who are enthusiastic about the change as well as people asking why it was necessary. He believes that those who oppose it may lack an understanding and awareness of its benefits.
“Overall, my expectation is that it’s going to be received well because for the user it’s actually going to put them in a better position than the old policy,” Anagnos said.
IT Services encourages students to create a new, strong and unique passphrase as soon as possible.