Passwords remain the most common authentication method used across applications and websites because it is the simplest method of proving you are who you say you are.
Choosing a poor password and re-using passwords across sites and systems puts you at risk, but we all do it because passwords are complicated and hard to remember. This is where passphrases come in.
When choosing a password, simple and long is better than complex and short. A short random password like “ispuSiX5” is hard to remember and would only take a few days to be cracked by modern computers. But a passphrase of four lowercase English words, like “sixfold luster sharpie envy” would take a few billion years to crack and is much easier to remember.
This has become the prevailing cybersecurity advice to such an extent that NIST has updated their password advice for the nation. In accordance, ITS has removed our previous password complexity requirements, which forced a password to contain a mix of UPPER, lower, numeric, and symbolic characters, and instead increased the password length requirement to 20 characters. While that feels long, it’s pretty easy to obtain with a passphrase. The example above contained 27 characters, for instance.
Please ensure that your Oxy password is unique and not used anywhere else. To keep track of your passwords you can use a manager like LastPass, Dashlane, Keeper or 1Password to create and store unique passwords for all of your systems and sites.
We would encourage everyone to get a new password using a passphrase generator and then change your Oxy password but we are not requiring this for all users.