The Protect IU Blog
Passphrase expirations — time for an online oil change
IU Begins Passphrase Expiration
Indiana University will require individuals to maintain a passphrase that is less than two years old. Starting in August 2012, the Central Authentication Service (CAS) will feature a note reminding users of pending passphrase expiration. On September 10, 2012, UITS will begin phasing in passphrase expiration, starting with the oldest passphrases. Users who do not change their passphrases by the deadline will lose access to CAS-authenticated sites such as OneStart, Oncourse, and PeopleSoft.
Most people often associate passwords and passphrases with keys — such as a house or car key — because they both grant access to resources to authorized parties while working in conjunction with mechanisms that deny access (like a locked door) to unauthorized parties.
Think about it this way...
The thing about keys is that most of us never change them, and by most accounts they don't lose their effectiveness by being old. Not so with passwords.
Think about passwords and passphrases being more like oil in a car, or a water heater in a house: your car needs oil, your house a water heater. All work great when they're new, they last awhile, but none are meant to last forever.
Steven Myers, Associate Professor of Computer Science and Informatics at Indiana University Bloomington, explains the nuances and intricacies of password/passphrase authentication. He thoroughly explains HOW and WHY passphrases are vastly superior to old, short passwords: