Password best practices and guidelines
Updating your password? Consider using a passphrase.
What is it?
/ˈpasˌfrāz/ (noun): a password that contains:
• at least 4 unique words
• some numbers and punctuation
• at least 15 characters in length
The example has one upper-case letter, four numbers, and two punctuation characters. It’s also memorable.
While the use of dictionary words in a password is discouraged, using words to form a passphrase of total length greater than 14 characters is acceptable.
Setting a strong password/passphrase
Before you change your password
Password complexity requirements
All passwords/passphrases must contain characters from at least four of the following five categories and be a minimum of eight characters in length:
- English uppercase characters (A - Z)
- English lowercase characters (a - z)
- Non-alphanumeric (e.g. !, $, #, %)
- Base 10 digits (0 - 9)
- Unicode characters
Change your password
If your previous password/ passphrase was compromised, adding a single digit or character to it will not be enough to prevent your account from being compromised again.
When you reuse passwords on various sites, a security breach at one site means your information is at risk on other sites where you used that same password.
To reset your password/passphrase, log in to uwaterloo.ca/watiam and select the ‘Change Password’ option from the home page.
After you've changed your password
Update your credentials on mobile
To prevent getting locked out of your accounts, be sure to update your devices with your new password as soon as possible after making the change.
Two-factor authentication (2FA)
Two-factor authentication adds an extra layer of security to your University accounts. Verifying your identity using a second factor, like your mobile phone or tablet, prevents others from accessing your accounts, even if they know your password.
For more information about 2FA, please visit uwaterloo.ca/two-factor-authentication.
When prompted to authenticate, click ‘Cancel’ and select ‘Remember me for 30 days’.
Did you know?
You can self-register for free information security courses on LEARN. Click the ‘Self Registration’ tab in the top menu bar to enroll in:
- Information Security Awareness Training
- Information Security Awareness for Finance and Commerce
- Optional topics in Information Security Awareness
Questions about cyber security?
If you have any questions about the security of your University of Waterloo account, please call ext. 41125 or email firstname.lastname@example.org.
Questions about other IT concerns?
Please contact the IST Service Desk by calling ext. 44357 or email email@example.com.
Get informed, stay safe
For more cyber security information, please visit: