Search

Creating a Strong Password

Information Security Office


A periodic password change helps to balance the risk of allowing indefinite access to one’s accounts and data. It ensures (and reinforces) access to accounts by legitimate users only, should the password be acquired by others through whatever means.  

Here are some characteristics of a weak password:
  • Password contains less than eight characters
  • Password is a common usage word such as the name of places, people, a phone number, location, personal effects, or an address
  • Password is a random word chosen from a dictionary
  • Password is made of commonly formed characters such as "password", “qwerty” or “12345678”

Passwords should be easy for you to remember but very difficult to guess. Here are some suggestions on how to create a password that is strong and memorable:
  • Create a password from a favourite song, poem or quote. Use the first letter of each word and substitute a number wherever possible. For example, using the phrase “I ate this for supper last night!” can become ‘I8tfsln!’
  • Use a run-on sentence and substitute numbers for words – “Oh say can you see” becomes ‘0saycanUsee’
  • Substitute a number that looks like a letter – “brother” becomes ‘6r0ther’; “Hacker” becomes ‘H4ck3r’
  • Use words that you find yourself periodically misspelling – “These” becomes ‘Theze’; “excitement” becomes ‘exitment’

Not all systems support the use of special characters like !@#$%^&*. In these cases, try to use a password that contains at least one number to ensure complexity. 

Protect Your Password

Keep your password private. There is no need to share your password with others. This includes coworkers, assistants, fellow students and technical staff – they have their own accounts they can use. 

Practice good password security by keeping the following important points in mind:

  • Do not reveal your password to ANYONE over the telephone
  • Do not send your password in an Email or text message
  • Do not reveal your password to your supervisor, workmates or fellow students
  • Do not reveal your password to ANY technical staff
  • Do not hint at the format of a password
  • Do not share your University password with other family members
  • Do not reveal your password to coworkers while on vacation
  • Do not store your password on a sticky note or on your computer or PDA without using encryption
  • Do not reveal your password even if someone demands it

 

If you suspect that your account or password has in some way become compromised, report the incident immediately to the TSC Service Desk or the Administrator hosting the computing service. They will assist you in changing your password for that account. If this happens, it is strongly recommended that you change ALL of your passwords immediately to ensure other accounts are not compromised.

Campus IT technicians will never ask you for your password. If you receive such requests (either through phone, Email or even from a person) do not give it out.