Are you just as sick and tired as the rest of us of changing your passwords every month, 3 months, 6 months? Well, according to NIST (National Institute of Standards and Technology) and Microsoft, this practice is now “ancient and obsolete”.

Passwords are something that most people struggle with, and forcing them to change their passwords so frequently just encourages them to use minor variations of already weak passwords. It is basically like constantly changing the locks for someone who struggles with their keys.

The new standard is to create a super secure passphrase rather than a password and only change it if you believe your account has been compromised.

What is a passphrase?

A passphrase is made up of the first 2 or 3 letters of each word in a phrase that is easy to remember but hard for hackers to guess or obtain.

Example: PJT are our favourite accountants – PJTArOuFaAc

You can then add numbers and symbols after the passphrase to make it even more personal.

Example: PJTArOuFaAc10%

Once you have your passphrase, you can then make it unique to each account. Come up with your own system for adding the site or account to the end of the passphrase.


  1. Facebook - PJTArOuFaAc10%fb
  2. Email - PJTArOuFaAc10%em or PJTArOuFaAc10%ms (for Microsoft) or PJTArOuFaAc10%gm (for Gmail)

It is best to create a unique passphrase for different accounts depending on their level of importance.

  1. High-level importance – Logins such as email, internet banking, Xero and social media
  2. Medium-level importance – Logins such as computer login and non-financial online accounts
  3. Low-level importance – Logins such as accounts for newsletter subscriptions, one-time online purchases, loyalty and online rewards (Woolworths, Coles, Guzman Y Gomez, Supercheap Auto).

If you have any questions about passphrases and passphrase creation, give our friendly onsite IT support team a call on 07 5413 9300.