Passphrase Tips

Using strong and secure passphrases for all of your accounts is one of the most important ways to stay safe online. This page provides tips on creating and maintaining secure passphrases (also known as passwords).

USC NetID Passphrase Requirements

To learn about specific USC NetID passphrase requirements, visit Further details on these requirements can be found in the Passphrase Standards document.

Fewer PassWORDS, More PassPHRASES

Passphrases are longer, more secure, and easier to remember than traditional passwords.

  • Use a phrase with at least 16 characters.
    • Jumble the words of the phrase or choose words that aren’t typically together.
    • For example: PuppiesAreMyFavorite could be jumbled to create FavoriteArePuppiesMy
  • Add symbols, numbers, spaces, or upper- and lowercase letters, for additional security.
  • Choose something known only to you that no one will suspect.
    • Do not include easily guessable content such as “password” or “12345”.
    • Do not include personally identifiable information such as your name, username, or company name.
    • Do not use any information shared in online quizzes or resources (ex: The name of your first street, the make of your first car, etc.)

  • Use a unique passphrase for each account. Passphrase reuse can lead to multiple account breaches.

Set Up Two-Factor Authentication

Add this additional layer of security that integrates with your cell phone or hardware tokens to verify account access attempts.The term Two-Factor Authentication is often interchangeably used with Two-Step Verification, Login Verification, and Multifactor Authentication.

  • At the minimum, two-factor authentication (2FA) should be added to personal banking and email accounts
  • Instructions on how to set up 2FA can generally be found in the help section of the corresponding website or app.
    • For a list of sites and services that offer 2FA, along with setup instructions, visit

Avoid Writing Down Passphrases

Avoid writing down passphrases and never store in places others can see (for example, banking login credentials on a post-it note). If you store passphrases on your mobile devices, make sure to keep your devices locked when not in use to prevent unauthorized access.

Do Not Share your Password

Do not send your passphrase via email, text message, etc. If there is ever a need to share a passphrase, relay it vocally.

Change Your Passwords at Least Once Every Year

The longer your password remains the same, the greater the likelihood that a hacker will crack it and break into your account. Hackers use malicious programs to try thousands of passwords against your account until they find a match, so change your password once a year to keep it safe.

Don’t Fall for Phish

Even the strongest passphrase must be kept a secret to remain effective. Please remember that no legitimate entity will send you an email requesting that you provide your username, password, or other personal information. If you receive such an email (also known as “phish”) at your USC account, please forward it as an attachment (Instructions can be found here) to For help with learning how to identify phish, see ITS’s About Phishing page.

If Your Account Gets Compromised

If you suspect that your USC NetID account has been compromised, go to the USC NetID Accounts Services page and change your password immediately. Once you have changed your password, click the Report an Information Security Incident button at the top of this page so that we can gather the necessary information to prevent a larger security problem.

Tip: The website allows you to input your email address to determine if any accounts it is associated with have been involved in a public data breach.

Additional Help

For problems with your USC NetID password, or for additional information on password security, please contact the ITS Customer Support Center.