The University of Waterloo manages all userids and passwords through uWaterloo Identity and Access Management (WatIAM). A person's WatIAM credentials are used to access all uWaterloo's systems including Quest, LEARN, myHRInfo, and email.
Passwords are set upon first access to WatIAM by the user and must fulfil the following minimum requirements:
- Be between 8-32 characters long
- Have at least one character from at least 3 of the following groups
- Numeric characters (0-9)
- Lower case letter (a-z)
- Upper case letter (A-Z)
- Non-alphanumeric character (-, %, ^, !, $, #, +, etc.)
- NOT include all or part of your given names or surname
- NOT contain your userid
- NOT contain an email address
These minimum requirements ensure that all WatIAM passwords are not easy to discover through brute force or other simple means.
To change your password, log into WatIAM, click on "Change My Password" and you will be prompted to change your password.
- Go to the WatIAM login page.
- Enter your userid, and then click Forgot Password.
- Answer your security questions correctly.
After you answer your security questions correctly, you will be prompted to create a new password according to the guidelines above.
If you cannot correctly answer your security questions, please come in person to the Arts Computing Office (ACO) Help Desk with a piece of photo ID (e.g. your WatCard).
Even if a password meets the requirements above, it is still possible for it to be compromised. The following are recommended security practices that can prevent a person's WatIAM password from being compromised:
- Use a unique password for WatIAM. If someone uses the same password for WatIAM, Facebook, Gmail, etc. and their password on a non-UW server is compromised, then their WatIAM password may be known by others.
- Do not share or give out a password for a personal account. University of Waterloo staff, faculty, and administration will never ask you to tell them your password. If someone finds out your password, change it immediately.
- Always enter passwords manually when online. Anyone who gains access to stored browser passwords or cookies has the potential to use the associated accounts on those web sites.
- Change passwords periodically. Though the University of Waterloo does not currently require people to change their passwords, it is recommended that people change their passwords every 126 days (approximately once a term).
Any password breaches or compromises are subject to the Information Security Breach Response Procedure.
WatIAM accounts that have been found to be or suspected of being breached will be temporarily locked until they have been investigated. People will be directly contacted by a member of Information Systems & Technology (IST) regarding their account. If you believe your account has been compromised and have yet to receive any communication from IST, please contact the ACO Help Desk or the IST Service Desk.
For more information regarding passwords and password security, see the following pages: