Password Best Practices

Why should I choose a strong password?

Passwords are an important security measure designed to protect the privacy of your personal information and the security of University documents and data. Passwords should be easy for you to remember and difficult for others to guess.

Even if you are not concerned about someone having access to your personal information, an attacker could use your username and password as a stepping stone to gain access to other sensitive University information or to commit crimes. This would be linked back to you.

What makes a strong password?

  • Length: minimum of 8 characters
  • Multiple character types
  • Choose characters from at least three of the following four categories:
    • lowercase letters
    • uppercase letters
    • numbers
    • special characters (eg. !, @, #, $, /, ?, etc.)
  • Not easily guess-able
  • Your password should not contain any of the following, as they make it much easier to guess:
    • Your username
    • Your first, middle, or last name
    • A word in the dictionary (short words of 4 letters or less are OK)
    • Any of the above spelled backwards
    • Repeated characters (eg. AAA, 555)
    • Alphabetic sequences (eg. abc, zyx)
    • Numeric sequences (eg. 123, 987)
    • Keyboard sequences (eg. qwe, lkj)

How to create a strong password?

Lots of people know your boyfriend's name, your dog's name, the street you live on and your birthday, so avoid these when choosing a password. A few strategies for picking strong passwords:

  • Think of a song lyric you like (eg. I still haven't found what I'm looking for) and use the first letter of each word to make your password: IshfwIl4 (we substituted the digit 4 for the word 'for')
  • Think of a person or event and include a related date. For example, William Shatner was born in 1931, so a possible password would be WSh@ner1931 (we substituted the @ symbol for the 'at' in Shatner)
  • Create an imaginary email address and use it as your password:
  • Don't use these or any other example passwords

Protect your password

  • Don't share your password with anyone. No matter what.
    If you're used to sharing your password with other people for a specific purpose, please call the Solutions Centre (329-2490 or to discuss different ways to get the job done
  • Don't use your U of L password on non-U of L sites or systems.
    There are many unscrupulous websites out there that will try to use the password you give them to access other sites you use (U of L, email, banking, etc.)
  • Keep your password safe.
    If you need to write it down, make sure to store it somewhere that others won't find it
    • Good: In your wallet or a locked drawer
    • Bad: Under your keyboard or on your monitor

How do I change my password?

Visit the University's Password Change Form.


Tips and Tricks for a seamless password change experience.


  1. Before changing passwords make sure all devices that utilize it are nearby.  These typically are those that are linked to the same email account.
  2. Change the password and in Windows machines, clear the information from Windows Credential Manager in Control Panel.  On Mac’s clear it from Keychain
  3. Use a checklist to change a password for all services on each device.  They may include:
    1. Wireless
    2. Email
    3. Network share drives/printers
  4. Use a password management tool to remember all your various passwords for you.  Don’t rely on internet browsers to store passwords.  Many free solutions are available
    1. KeePass
    2. LastPass