Authentication Changes FAQ 2021

Why is IT requiring 15 characters for University NetworkID passwords?

The longer passwords help the University protect workstations from unauthorized access. The first aspect of this protection is that a longer password is stronger. The second is that by making 15 the minimum, we prevent the use of a legacy password storage mode that keeps getting turned on for both PCs and Macs - LANMAN. This storage method basically converts any password under 15 characters into two 7 character passwords, which are directly decipherable via pre-computed lookup tables.
There are also some online Pepperdine services that cannot yet or have not yet been converted to use single sign on with SecureConnect. To protect those online resources better a longer password is significantly helpful.

What do students think of MFA?

MFA is multi-factor authentication. In October 2019, after the fallout of the Chegg breach that revealed widespread reuse of student passwords on non-Pepperdine sites, all Pepperdine students at all schools were sent a poll. One question was, "Would you rather have an annual password change requirement than use MFA at Pepperdine?" The 929 respondents to this poll were vastly in favor of MFA over password reset.

Is SecureConnect required for students?

It is currently opt-in. If you have SecureConnect, powered by DUO mobile, then you have a 4 year password expiration. Without it, your password expires after 1 year. Password expiration is counted from the time your password was last changed.

How do I make a good passphrase?

ISO recommends a passphrase that is like a spoken phrase as being stronger and easier to remember than a code word. See our tips on creating a good passphrase over at https://community.pepperdine.edu/it/security/policies/strongpassword.htm#easypass

How can I remember my passphrase?

ISO recommends using several password managers to create, secure, remember and replay your passwords, like "LastPass Free". See our recommendations on password managers.