Password Best Practices

Why should I choose a strong password?

Passwords are an important security measure designed to protect the privacy of your personal information and the security of University documents and data. Passwords should be easy for you to remember and difficult for others to guess.

Even if you are not concerned about someone having access to your personal information, an attacker could use your username and password as a stepping stone to gain access to other sensitive University information or to commit crimes. This would be linked back to you.

What makes a strong password?

  • Length: minimum of 14 characters (Longer passwords make it almost impossible for attackers to crack your password)
  • Multiple character types
  • While mutiple character types are harder to guess, they also make things harder to remember.  We encourage you to use longer passwords as opposed to complicated short ones. 
    Possible character types include:
    • lowercase letters
    • uppercase letters
    • numbers
    • special characters (eg. !, @, #, $, /, ?, etc.)
    • a space character is valid for most password forms.  Choose a pass phrase if its easier to remember for you
  • Not easily guess-able
  • Your password should not contain any of the following, as they make it much easier to guess:
    • Your username
    • Your first, middle, or last name
    • A word in the dictionary (short words of 4 letters or less are OK)
    • Any of the above spelled backwards
    • Repeated characters (eg. AAA, 555)
    • Alphabetic sequences (eg. abc, zyx)
    • Numeric sequences (eg. 123, 987)
    • Keyboard sequences (eg. qwe, lkj)

How to create a strong password?

Lots of people know your boyfriend's name, your dog's name, the street you live on and your birthday, so avoid these when choosing a password. A few strategies for picking strong passwords:

  • Think of a song lyric you like (eg. I still haven't found what I'm looking for) and use the first letter of each word to make your password: IshfwIl4 (we substituted the digit 4 for the word 'for')
  • Think of a person or event and include a related date. For example, William Shatner was born in 1931, so a possible password would be WilliamShatner1931 (the length of this password will make it very hard for attackers to guess) 
  • Create an imaginary email address and use it as your password: tricky@hard2guess.org
  • Don't use these or any other example passwords

Protect your password

  • Don't share your password with anyone. No matter what.
    If you're used to sharing your password with other people for a specific purpose, please call the Solutions Centre (329-2490 or help@uleth.ca) to discuss different ways to get the job done
  • Don't use your U of L password on non-U of L sites or systems.
    There are many unscrupulous websites out there that will try to use the password you give them to access other sites you use (U of L, email, banking, etc.)  Password reuse puts everyone at risk.
  • Keep your password safe.
    If you need to write it down, make sure to store it somewhere that others won't find it
    • Good: In your wallet or a locked drawer
    • Bad: Under your keyboard or on your monitor
    • Good: A password management tool

How do I change my password?

Visit the University's Password Change Form.

 

Tips and Tricks for a seamless password change experience.

 

  1. Before changing passwords make sure all devices that utilize it are nearby.  These typically are those that are linked to the same email account.
  2. Change the password and in Windows machines, clear the information from Windows Credential Manager in Control Panel.  On Mac’s clear it from Keychain
  3. Use a checklist to change a password for all services on each device.  They may include:
    1. Wireless
    2. Email
    3. Network share drives/printers
  4. Use a password management tool to remember all your various passwords for you.  Don’t rely on internet browsers to store passwords.  Many free solutions are available
    1. KeePass
    2. LastPass