Password Best Practices

Why should I choose a strong password?

Passwords are an important security measure designed to protect the privacy of your personal information and the security of University documents and data. Passwords should be easy for you to remember and difficult for others to guess.

Even if you feel that your password doesn't protect anything that matters to you, an attacker could use your username and password as a stepping-stone to gain access to other sensitive University information or to commit crimes that would be linked back to you.

What makes a strong password?

  • Length: minimum of 8 characters
  • Multiple character types
  • Choose characters from at least three of the following four categories:

    • lowercase letters
    • uppercase letters
    • numbers
    • special characters (eg. !, @, #, $, /, ?, etc.)
  • Not easily guessable
  • Your password should not contain any of the following, as they make it much easier to guess:

    • Your username
    • Your first, middle, or last name
    • A word in the dictionary (short words of 4 letters or less are OK)
    • Any of the above spelled backwards
    • Repeated characters (eg. AAA, 555)
    • Alphabetic sequences (eg. abc, zyx)
    • Numeric sequences (eg. 123, 987)
    • Keyboard sequences (eg. qwe, lkj)

How to create a strong password?

Lots of people know your boyfriend's name, your dog's name, the street you live on, and your birthday, so avoid these when choosing a password. A few strategies for picking strong passwords:

  • Think of a song lyric you like (eg. I still haven't found what I'm looking for) and use the first letter of each word to make your password: IshfwIl4 (we substituted the digit 4 for the word 'for')
  • Think of a person or event and include a related date. For example, William Shatner was born in 1931, so a possible password would be WSh@ner1931 (we substituted the @ symbol for the 'at' in Shatner)
  • Create an imaginary email address and use it as your password: tricky@hard2guess.org
  • Don't use these or any other example passwords

Protect your password

  • Don't share your password with anyone. No matter what.
    If you're used to sharing your password with other people for a specific purpose, please call the Solutions Centre (329-2490 or help@uleth.ca) to discuss different ways to get the job done
  • Don't use your U of L password on non-U of L sites or systems.
    There are many unscrupulous websites out there that will try to use the password you give them to access other sites you use (U of L, email, banking, etc.)
  • Keep your password safe.
    If you need to write it down, make sure to store it somewhere that others won't find it
    • Good: In your wallet or a locked drawer
    • Bad: Under your keyboard or on your monitor

How do I change my password?

Visit the University's Password Change Form.