As part of Cybersecurity Month, the Office of Technology and Digital Innovation (OTDI) is announcing changes to passwords that will reduce the burden on our users while strengthening our overall security.
Beginning Oct. 9, Ohio State users will no longer be required to change their university password every 180 days – your next password change prompt will be your last. This change aligns with cybersecurity best practices, which rely on unique, long and strong passphrases paired with multi-factor authentication. A passphrase works like a password but is a longer sequence of words or characters that’s easier to remember and much harder for attackers to guess or crack.
For users, this results in:
- Less hassle: no more routine resets or support tickets for forgotten updates (our #1 help request!)
- Better security: fewer forced changes mean fewer weak, recycled passwords
- More time back: focus on your work, not creating a new password
If you recently changed your password, you will need to change it one more time. After today when you change it proactively or the next time it expires, it must be a passphrase of 15 characters or more. Once you set that passphrase, you won’t need to change it again. Be sure your passphrase is unique to your Ohio State account and not used anywhere else.
We know strong security is a shared responsibility, and this new standard strikes the right balance between safety and simplicity.
Strong Passwords
A combination of letters, numbers, and special characters is difficult for others to guess or crack, but hard to quickly remember. Try a “passphrase,” a sequence of words or a sentence used as a password, often longer than traditional passwords but easier to remember.
How to build a passphrase:
- Choose a unique phrase that’s easy for you to remember but hard for others to guess—like a sentence or lyric with personal meaning.
- Include a mix of uppercase and lowercase letters, numbers, and special characters by modifying parts of the phrase (e.g., “Th3DogL0ve$2Run!”).
- Avoid using common phrases, dictionary words, or personal information like names or birthdays."
Password Managers
These services generate, store, and manage complex passwords for various accounts. They encrypt your logins and ensure that you have unique passwords for each online account, making it easier to maintain strong security without having to remember multiple passwords. Some services also allow you to share your passwords with family members so you can keep all those streaming services streaming. Big-tech platforms also provide decent options:
- Google’s Password Manager
- Apple’s iCloud Keychain
- Microsoft’s Authenticator app
These services not only save your passwords, but they provide an autofill function for easy sign-ins to your favorite services. Though the university does not recommend specific commercial products, we suggest finding one you like and stick with it.
- DO NOT use the same password in more than one place: For the same reason as above, you don’t want one retailer’s data theft becoming your problem. Always have a unique password for each site or service. This way if your retailer is compromised, the cybercriminals cannot also use the same password to burrow even deeper into your digital life.
- Monitoring Services: Companies exist to monitor your credit and login credentials for a fee. A free option you can explore is HaveIBeenPwned. The tool checks if your personal data has been compromised in a data breach. If you find your credentials listed, you should change those passwords ASAP.
- Make Passwords Complex and Strong: A strong password is your first defense against cybercriminals. Ohio State requires using at least 15 characters. Never reuse passwords across accounts. A password manager can help you create and remember truly secure combinations. More specific requirements for Ohio State passwords are outlined after you log in to my.osu.edu.
As always, to change your password at Ohio State, visit my.osu.edu.