Passphrase Tips

Using strong and secure passphrases for your all of your accounts is one of the most important ways to stay safe online. This page provides tips on creating and maintaining secure passphrases.

Fewer PassWORDS, More PassPHRASES

Passphrases can be longer, more secure, and easier to remember than traditional passwords.

  • Think of a phrase you like with at least 16 characters. Song lyrics, poems, movie quotes, acronyms, etc., all work great.
  • Add symbols, numbers, spaces, or upper- and lowercase letters. Substitute @ for an a, 3 for an E, $ for an S, etc.
  • Do not include any easily guessable content such as “password” or “12345”.
  • Do not include personally identifiable information such as your name, username, or company name.
  • Use a unique passphrase for each account. Password reuse can lead to multiple account breaches.

Set Up Two-Factor Authentication

Add this additional layer of security that integrates with your cell phone or hardware tokens to verify account access attempts.

  • At the minimum, two-factor authentication (2FA) should be added to personal banking and email accounts
  • For a list of sites and services that offer 2FA, along with setup instructions, visit www.twofactorauth.org.

Forget Your Passwords – Use a Password Manager

It is important to create unique strong passwords or passphrases for each of your online accounts. This way, if one account is compromised, the rest are not. A password manager can help keep track of all these different passwords.

  • Common free password managers include 1Password and LastPass.

Do Not Reply to Suspicious Emails

Even the strongest passphrase must be kept a secret to remain effective. Remember that no legitimate entity will send you an email requesting that you provide your user name, password, or other personal information, such as social security or credit card numbers. If you receive such an email (also known as “phish”) at your USC account, please forward it to the USC Information Security Office at phishing@usc.edu.

For help learning how to identify phish, see ITS’s About Phishing page.

Keep Passwords Private

Do not write your passwords down and keep them in a place where others might see them and do not share your passwords with others. If you store passwords on your mobile devices, make sure that you keep your devices locked when not in use to prevent unauthorized access.

Change Your Passwords at Least Once Every Year

The longer your password remains the same, the greater the likelihood that a hacker will crack it and break into your account. Hackers use malicious programs to try thousands of passwords against your account until they find a match, so change your password once a year to keep it safe.

USC NetID Passphrase Requirements

To learn about specific USC NetID passphrase requirements, visit itservices.usc.edu/accounts/password.

If Your Account Gets Compromised

If you suspect that your USC NetID account has been compromised, go to the USC NetID Accounts Services page and change your password immediately. Once you have changed your password, click the Report an Information Security Incident button at the top of this page so that we can gather the necessary information to prevent a larger security problem.

Additional Help

For problems with your USC NetID password, or for additional information on password security, please contact the ITS Customer Support Center.