Transitioning to 15-character Passphrases

In today's digital landscape, securing access to sensitive information is more critical than ever as cyber threats are constantly evolving. One of the simplest yet most effective ways to safeguard data is by implementing a robust password policy.

On Oct 28, 2024, all Franklin County domain accounts will require a password of at least 15 characters, replacing the current 8-character minimum, in order to strengthen the county’s security posture.

Why 15 Characters?

Increased Security

The longer a password, the more combinations an attacker would need to try in order to crack it.

An 8-character password made up of upper- and lowercase letters, numbers, and symbols has 6.1 quadrillion possible combinations. A 15-character password, however, skyrockets this number to 10 septillion combinations.

This exponential increase makes brute-force attacks far more difficult, if not impractical.

Moreover, today's password-cracking software can test billions of combinations per second. A longer password offers an added layer of security because it takes significantly longer for even the fastest tools to exhaust all possible combinations.

Many regulatory frameworks, including NIST guidelines, now recommend or require longer passwords as part of cybersecurity best practices. Implementing a 15-character minimum ensures compliance with industry standards, reducing the risk of non-compliance penalties.

Passphrases

While longer passwords enhance security, they can also become cumbersome for users. This is where passphrases—a sequence of random words—come into play. Passphrases offer the same security benefits as long, complex passwords but are easier to remember and type.

A passphrase like “PurpleElephantRunsQuickly!” is easier to remember than a random string of characters like “X8g!12k3&Zq”. This helps users create strong passwords without writing them down or reusing simpler, more vulnerable ones.

Passphrases naturally encourage users to create longer passwords. By combining several words, you can easily reach or exceed the 15-character minimum without resorting to confusing symbols and random characters. A passphrase made up of four or five unrelated words can be extremely hard to crack using dictionary or brute-force attacks. It combines length with unpredictability, two key components of a strong password.

In an era where data breaches and cyberattacks are increasingly common, adopting a 15-character minimum for passwords—particularly when combined with passphrases—can significantly enhance an organization's security. While this change will take effect immediately, users will only notice it at the time of their next password change.

If you have any questions, please contact the Identity Management Team at fcdc-security-identity@franklincountyohio.gov.

Thank you for your cooperation in keeping our systems secure.