Secure Passphrases

Overview

Keeping your account secure doesn’t have to be complicated. One of the easiest and most effective ways to protect your information is by using a secure passphrase—paired with Multi-Factor Authentication (MFA).
This guide explains what passphrases are, why they’re more secure than traditional passwords, and how MFA adds another layer of protection. 

What is a Passphrase?

A passphrase is a series of random words put together to create a long, memorable login.
Examples (DO NOT USE)

BlueCoffeeRiverSunset10
LaptopBananaCloudDance42

Unlike traditional passwords (like P@ssw0rd!), passphrases are:

✅ Longer
✅ Easier to remember
✅ Much harder for attackers to guess

Why Passphrases Are More Secure

Most cyberattacks try to guess passwords using common patterns, short words, and predictable substitutions (like “@” for “a”).
Passphrases are stronger because:
1. Length Beats Complexity: A longer passphrase (even with simple words) is significantly harder to crack than a short, complex password.
Example:

Tr0ub4dor! ❌ (short, predictable pattern)
HorseBatteryStapleRiver9 ✅ (long and random)

Color‑coded chart titled “Time it takes a hacker to brute force your password in 2025,” showing how crack time increases with password length (4–18 characters) and complexity (numbers, lowercase, uppercase, symbols), ranging from instantly to trillions of years.

2. Harder to Guess: Random words don’t follow predictable patterns.
Attackers can’t easily guess combinations like TreeLaptopOceanGlass.

3. Easier to Remember: You’re more likely to remember a phrase than a random string of characters—so you’re less likely to write it down or reuse it.

Best Practices for Creating a Strong Passphrase

✔️ Do:

Use 4–5 random words
Make it at least 15 characters long
Add a number or symbol if required
Choose words that are not related to you personally


❌ Avoid:

Common phrases or song lyrics (LetItBe123)
Personal information (starID, names, birthdays, school, pets)
Public Information (commonly known extracurricular activities)
A single dictionary word and common number combination (Summertime2026!)
Reusing the same passphrase across multiple sites

How Passphrases and MFA Work Together

MFA adds a second layer of protection to your login.
Instead of just entering your passphrase, you also confirm your identity using something you have or are, such as:

  • A mobile app notification (like Microsoft Authenticator)
  • A one-time code sent to your device
  • A hardware token or security key

Think of your login like a locked door:

  • 🔑 Passphrase = Your key
  • 📱 MFA = A second lock

Even if someone somehow gets your passphrase:

  • They still cannot access your account without your second factor (your phone, app, or device)

This dramatically reduces the risk of unauthorized access.

Support

For assistance with passphrases, account access, or MFA:

Normandale IT Service Desk

  • 📍 Campus: L1701
  • 📞 Phone: (952) 358-8181
  • 📧 Email: helpdesk@normandale.edu

Submit a request via TeamDynamix or contact the Service Desk directly.

Summary

Using a strong passphrase with MFA helps protect your personal and institutional data, prevents unauthorized access to systems like email, D2L, and shared files, and reduces the risk of phishing and account compromise.  Follow these guidelines to setup a secure passphrase and protect your account.

Was this helpful?
0 reviews
Print Article

Related Articles (1)

MFA - Enroll with a Mobile Device
Enrolling and activating MFA is a very simple process, and once it is set up, is very easy to use. To get MFA started, open a web browser and connect to: https://www.minnstate.edu/mfa and then following the first-time setup Wizard