Password best practices and guidelines

Updating your password? Consider using a passphrase.

Setting a strong password/passphrase

Before you change your password

1

Password complexity requirements

Password complexity requirements (e.g., including a digit, uppercase character, special character) are being removed in favour of longer passphrases. Password standards will be updated as follows:

  • Minimum length: 15 characters
  • Maximum length: 64 characters
  • Other: does not contain the individual’s name or other University of Waterloo identifier
  • Privileged accounts: Current password complexity rules for privileged accounts in NEXUS (e.g., !) will remain in force with the minimum length adjusted to 15 characters 

Change your password

2

Be different

If your previous password/ passphrase was compromised, adding a single digit or character to it will not be enough to prevent your account from being compromised again.

Avoid reusing

When you reuse passwords on various sites, a security breach at one site means your information is at risk on other sites where you used that same password.

WatIAM

To reset your password/passphrase, log in to uwaterloo.ca/watiam and select the ‘Change Password’ option from the home page.

After you've changed your password

3

Update your credentials on mobile

To prevent getting locked out of your accounts, be sure to update your devices with your new password as soon as possible after making the change.

Two-factor authentication (2FA)

Two-factor authentication adds an extra layer of security to your University accounts. Verifying your identity using a second factor, like your mobile phone or tablet, prevents others from accessing your accounts, even if they know your password.

For more information about 2FA, please visit uwaterloo.ca/two-factor-authentication.

2FA tip

When prompted to authenticate, click ‘Cancel’ and select ‘Remember me for 30 days’.

2fa screenshot

Did you know?

You can self-register for free information security courses on LEARN. Click the ‘Self Registration’ tab in the top menu bar to enroll in:

online learning
  • Information Security Awareness Training
  • Information Security Awareness for Finance and Commerce
  • Optional topics in Information Security Awareness

Questions about cyber security?

If you have any questions about the security of your University of Waterloo account, please call ext. 41125 or email soc@uwaterloo.ca.

Questions about other IT concerns?

Please contact the IST Service Desk by calling ext. 44357 or email helpdesk@uwaterloo.ca.

Get informed, stay safe

For more cyber security information, please visit: 
uwaterloo.ca/cyber-awareness.