Accounts and Passphrases

In Microsoft 365

1. Sign in to your Microsoft email.
2. Click your name form the top right-hand corner of your email to access your Microsoft account.
3. Click View Account.
4. Click Passwords.
5. Enter your old password. Enter your new password. Confirm your new password. Click submit.

From a School Windows computer

To change your passphrase via a School computer, follow the steps below:

1. Login to the computer using your current Ascham credentials
2. Once you are logged in, press ALT + CTRL + DEL
3. Select Change a password
4. Enter your old passphrase
5. Create a new passphrase and confirm it
6. Press Enter

If you have forgotten your passphrase and need it to be reset, you can now do this without contacting the IT Help Desk. This feature is only available if you have previously set your secret security questions.

To reset your password, go to ascham.school/passphrase, enter in your Ascham email address and follow the on screen prompts.

As long as you know your current passphrase you can check, change or set up your secret security questions by clicking ascham.school/setupquestions.

Students are issued with their Ascham-provided username, email address and password in the following ways:

• New boarders and Year 7 students receive their credentials during their information session in January.
• Senior School students should visit the IT Department to access their account details.
• Junior School students will be given their account details by their class teacher.

Having an easy-to-guess password is just setting yourself (and the School) up to get hacked. To keep us secure, IT have enforced stronger passphrase requirements for our single sign on:

• Students must use a minimum 15-character passphrase.
• This passphrase will be a one-off, and you won’t be required to change this on a regular basis.

Read on for more information about the passphrase and keeping safe from hackers.

Hackers have several methods:

By trying the most common passwords hackers can easily find a way into accounts — things like 123456 or the word password itself. If you’re using one of these and haven’t been compromised yet, you might want to buy a lottery ticket because you’re one of the luckiest people in the world.

Hackers can use brute force attacks to gain access to your account and unencrypt your data. Using a program, they cycle through all possible passwords (testing hundreds or thousands of possible options) until they come up with the right one. Even if you’ve used a combination of upper- and lower-case letters and special characters, modern technology can crack an 8-character password in about two hours (!).

Credential recycling – once hackers or spammers have your username and password to one account, they can easily try these credentials on all your other accounts. If you’ve recycled your credentials (i.e., used that same username and password elsewhere) then suddenly hackers have the ‘keys to the castle’ and access to all of your accounts that share those credentials.

So, what does it take to beat the hackers? Which type of password would be considered secure? As annoying as it may be, you really do need to increase the length and complexity of your passwords and use unique passwords for each account.

It’s actually easier than you may think if you use a passphrase.

As mentioned above, a passphrase is a collection of common words combined together randomly into a phrase. The best passwords are ones that are easy for you to remember but hard for hackers to crack. A passphrase is could be something like big-blue-duck-beach

Passphrases make the best passwords because they use real words that you can remember (rather than a collection of crazy symbols and letters) and they are very long, making them much harder to crack with brute force attacks or other tactics.

The only catch is that the common words in your passphrase need to be truly random in order to be a secure password.

Making a passphrase is simple but be careful when picking the words and characters as humans are notoriously bad at creating true randomness. We love patterns too much and all our words have meaning, so it makes it challenging for us to generate random passphrases.

To create your passphrase, you could use a random passphrase generator online or you could use a formula like this to help you remember:

An adjective + favourite colour + favourite pet + favourite place = big-blue-duck-beach; or

Favourite film + favourite number + favourite singer + favourite sport = frozen-13-ariana-tennis

Note these examples use ‘–’ as spaces which add more characters to your passphrase, making it more secure

Be careful though NOT to actually end up with a meaningful sentence as these are easier to crack!

There are a number of words that are easily guessed, either just in general, or because they are specific to Ascham, therefore we are banning these words in our passphrases, and if you try to use them they won’t be accepted for example: password, 123456789 (as a sequence) Ascham, Hillingdon, Fiona, Senior School, Chevari, Vie et Animo, Old Girl

Although we’re no longer forcing password changes, there may be times you need to change your password e.g. you forget it or we detect a hacking attempt. If you do need to change your password, password transformations are not allowed e.g. your password was big-blue-duck-beach but you want to change it to big-pink-duck-beach. The new password must be different by at least 50% so perhaps big-pink-duck-school