New Requirements for USC NetID Password

The following message regarding new password requirements for USC passwords will be distributed to all students, faculty, and staff in January 2014:

Subject: New Requirements for USC NetID Password

Dear USC Staff Members:

I am pleased to inform you that USC’s Information Technology Services (ITS) is enhancing its USC NetID password service by moving from 7 or 8 character passwords to longer, more secure, and easier to remember passphrases. This change has been approved by the Committee on Information Services, a faculty committee jointly appointed by the Academic Senate and the Office of the Provost. Beginning on February 24, 2014, users receiving password expiration warnings will be informed that they must create a passphrase of 12 to 32 characters.

Creating and remembering a passphrase is often simpler than creating and remembering a password. A passphrase can be made up of several words that form a phrase or sentence. Such passphrases are more secure than shorter, complex passwords.

Although the enhanced password service will not be available until February 24, you will access it the same way you access the current service by going to the ITS website, www.usc.edu/its, and clicking “Change Your USC Password” under Popular Topics. For detailed advice on how to create a passphrase, please continue reading below. To validate the authenticity of this email, go to cio.usc.edu/2014/01/03/important-information-about-new-password-requirements.

Sincerely,

Peter M. Siegel
Chief Information Officer and Vice Provost for Information Technology Services

How to Create a Passphrase

Although a passphrase cannot be a single stand-alone dictionary word or a common phrase, it can be made up of several words that form a phrase or sentence, such as “mysmartpuppy” (12 characters), “outofthepurplesky” (17 characters), or “Mom drinks plenty of apple juice” (32 characters, counting spaces). The longer you make your passphrase, the more secure it will be.

Other optional ways of increasing your passphrase’s security include adding a capital letter, punctuation mark, or number in the middle of your passphrase (“mysmar7tpuppy”), misspelling words (“outofthepuurplesky”), or swapping the order of the words (“Mom drinks plenty of juice apple”).

Of course, even the strongest passphrase must be kept a secret to remain effective. Please remember that no legitimate USC entity will send you an email requesting that you provide your password. If you receive such an email (also known as “phish”), please forward it to security@usc.edu. For help with learning how to identify phish, go to the following ITS web page: www.usc.edu/its/security/phishing.