Double Up Your Defenses: Passphrases and 2SV

Why Length and Two-Step Verification Matter

Vancouver Island University (VIU) accounts use passwords for protection. Traditional short passwords are not enough. Cybercriminals use tools to guess millions of passwords every second. You must use a long passphrase and two-step verification to protect your account.

A complex password with eight characters is like a simple lock. A passphrase with 20 characters is like a steel vault. The two-step verification process acts as a security guard. Even if someone steals your passphrase, they cannot access your account without your physical device.

  • Short and complex: Thur5day! takes 26 minutes to crack.
  • Medium and simple: sh0rt-and-sw33t takes three years to crack.
  • Passphrase and two-step verification: T3xt-Books-R-Very-Heavy and the Microsoft Authenticator app is nearly impossible to crack.

How Two-Step Verification Works

The two-step verification process is mandatory for all students, faculty and staff. It requires two pieces of evidence to sign in. You must provide something you know (your passphrase) and something you have (your phone).

  • Mandatory services: You must use two-step verification for VIU email, Microsoft 365, Teams, OneDrive and the VPN.
  • Device trust: When you sign in on a new device, the system trusts it for 30 days. You will not receive a prompt on that device again for 30 days.
  • On-campus access: You will not receive prompts when connected to the wired network or VIU-Secure Wi-Fi.
  • Recommended method: The Microsoft Authenticator app is the most secure method. It works without a cellular connection.

How to Protect Your Account

Please follow these steps to secure your information:

  1. Create a passphrase with more than eight characters. It must include an uppercase letter, a lowercase letter, a number and a symbol. We recommend using at least 16 characters with random words. Example: The-Ocean-Is-Blue-T0day!
  2. Use a unique passphrase for your university account. Do not reuse this passphrase for personal accounts.
  3. Set up two-step verification by opening the Additional security verification page and following the prompts on the screen.
  4. Tap Deny if you receive a prompt you did not request. Change your passphrase immediately.
  5. Press WIN + L to lock your computer before you leave your workstation.

Avoid Password Overload with a Password Manager

Remembering a unique passphrase for every account can cause password overload. A password manager solves this problem. It securely stores all your passphrases and generates strong, unique ones for you. You only need to remember one master passphrase to access your vault.

For more information, please visit the Get Cyber Safe guide on password managers.

Print Article