Passwords and password security

About passwords
Password strength
Change your WatIAM password

Resetting a forgotten WatIAM password
Password security
Password breaches and compromises
Additional information

About passwords

The University of Waterloo manages all userids and passwords through uWaterloo Identity and Access Management (WatIAM). A person's WatIAM credentials are used to access all uWaterloo's systems including Quest, LEARN, myHRInfo, and email.

Password strength

Passwords are set upon first access to WatIAM by the user and must fulfil the following minimum requirements:

  • Be between 8-32 characters long
  • Have at least one character from at least 3 of the following groups
    • Numeric characters (0-9)
    • Lower case letter (a-z)
    • Upper case letter (A-Z)
    • Non-alphanumeric character (-, %, ^, !, $, #, +, etc.)
  • NOT include all or part of your given names or surname
  • NOT contain your userid
  • NOT contain an email address

These minimum requirements ensure that all WatIAM passwords are not easy to discover through brute force or other simple means.  

Change your WatIAM password

To change your password, log into WatIAM, click on "Change My Password" and you will be prompted to change your password.

Resetting a forgotten WatIAM password

  1. Go to the WatIAM login page.
  2. Enter your userid, and then click Forgot Password.
  3. Answer your security questions correctly.

After you answer your security questions correctly, you will be prompted to create a new password according to the guidelines above.

If you cannot correctly answer your security questions, please come in person to the Arts Computing Office (ACO) Help Desk with a piece of photo ID (e.g. your WatCard).

Password security

Even if a password meets the requirements above, it is still possible for it to be compromised. The following are recommended security practices that can prevent a person's WatIAM password from being compromised:

  • Use a unique password for WatIAM.  If someone uses the same password for WatIAM, Facebook, Gmail, etc. and their password on a non-UW server is compromised, then their WatIAM password may be known by others.
  • Do not share or give out a password for a personal account. University of Waterloo staff, faculty, and administration will never ask you to tell them your password. If someone finds out your password, change it immediately.
  • Always enter passwords manually when online. Anyone who gains access to stored browser passwords or cookies has the potential to use the associated accounts on those web sites. 
  • Change passwords periodically. Though the University of Waterloo does not currently require people to change their passwords, it is recommended that people change their passwords every 126 days (approximately once a term).

Password breaches and compromises

Any password breaches or compromises are subject to the Information Security Breach Response Procedure.

WatIAM accounts that have been found to be or suspected of being breached will be temporarily locked until they have been investigated. People will be directly contacted by a member of Information Systems & Technology (IST) regarding their account. If you believe your account has been compromised and have yet to receive any communication from IST, please contact the ACO Help Desk or the IST Service Desk.

Additional Information

For more information regarding passwords and password security, see the following pages:

Services feedback form

Did you have a recent service experience with the Arts Computing Office?

Live chat

Computing questions? Connect with the Arts Computing Office Help Desk on our live chat! Available Monday to Friday, 9:30AM - 4:30PM, with some exceptions.