Strong Password Guidelines
To protect information and resources, the Washington State Department of Information Services requires strong passwords for all user accounts, including Cascadia network accounts.
Starting on November 18, 2020, Cascadia has moved towards the use of passphrases as opposed to traditional passwords. To achieve the highest likelihood of your passphrase being accepted for use, you should choose a passphrase that meets all of the requirements from the "must" list below and also consider incorporating as many suggestions from the "should" list below.
Passphrase Must Have
To be considered strong, your passphrase must:
- Be at least 14 characters long.
- Be significantly different from previously used passwords. If your new passphrase is too similar to your previous one, this will cause the passphrase to be rejected. If your new passphrase is an exact match to the last 24 passphrases you have used, it will cause the passphrase to be rejected.
- NOT contain your name or any part of your full name. This will cause passphrase to be rejected.
- NOT contain consecutive or repetitive characters (e.g. 12345 or aaaaa). This will cause the passphrase to be rejected.
- NOT be on the list of most commonly used passwords . This will cause the passphrase to be rejected.
Passphrase Should Have
To further secure your account and data, your passphrase should:
- NOT be a password you are currently using for other online services or websites.
- NOT contain personal identifiers such as birthdays, social security numbers, or pet's names.
- NOT contain the word Cascadia.
- NOT be a word found in the dictionary, even if it is spelled backwards. Using common dictionary words without special characters, unique spellings may cause your passphrase to be rejected.
Group Examples
While no longer required, you can increase the security of your passphrase by continuing to include characters from each of the following groups
Letters (uppercase)
A, B, C...
Letters (lowercase)
a,b,c...
Numerals
0, 1, 2, 3, 4, 5, 6, 7, 8, 9
Special Characters (all characters that are not letters or numerals)
' ~ ! @ # $ % ^ & _ + - = { } | [ ] : " ; ' < > ? , .
Examples of Strong Passphrases
A passphrase should be difficult for someone else to guess but easy for you to remember. A good way to choose a strong passphrase is to take an easily remembered phrase, then combine the first letter of each word in the phrase with numbers or characters (including punctuation and/or spaces).
Creating a passphrase, in some way, from a phrase from a movie, a quote, a song, or a nursery rhyme can be a good strategy for remembering. Some great examples pulled from The Princess Bride:
- NevergetinvolvedinalandwarinAsia.->
- Doyouhavesixfingersonyourlefthand?
Additional Resources
- Security Awareness - A 60 second video on strong passphrases
- Bulding Better Passwords - An article with a lot of this information to make it more digestible
- How Secure is My Password? - A fun tool that can help you visualize good vs. poor passphrases
- Still have questions? Please contact the Help Desk and we would be glad to assist.