We are working on migrating from password to passphrase for over a year as a side gig and unable to get it done yet.
We had to redesign a customized CICS logon screen to accept passphrases.
Our passwords are case-insensitive, but passphrases are case sensitive, so it is difficult to ask every single mainframe user to set a case-sensitive password.
We had to identify all the RACF accounts used by interfacing systems and make them use passphrases, this was difficult to identify as many of the accounts are service accounts with non-expiring passwords and setup a long time ago.
Some of the interfacing systems connecting to Mainframe did not have the capability to accept more than 8 characters for password. So we had to upgrade those interfacing systems.