Enhancing password security at Waterloo 

Thursday, July 4, 2019

Like any organization with a significant Internet presence, the University of Waterloo is facing ongoing cyber security challenges with passwords. To help address these challenges, the Information Security Services team recently conducted a password audit on central campus systems. Owners of accounts with passwords that did not confirm to the University password standards were contacted by the Information Systems & Technology and instructed to update their password in WatIAM.  
 

Restricting use of breached or commonly used passwords 

A recent change to the WatIAM system will now prevent employees from setting a password that has been identified as one of over 520 million breached or commonly used passwords. In addition to the adoption of two-factor authentication, this change will help protect against two growing security risks: 

  • Credential stuffing: The automated injection of breached username/password pairs to gain access to user accounts. 

  • Password spraying: Attempting to gain access to a large number of user accounts using common passwords (made more available by the increase in breaches over the years).  

Employees are encouraged to use a passphrase and can learn more about this by visiting the Cyber Awareness website, https://uwaterloo.ca/cyber-awareness/passphrase.  
 

Questions or concerns? Please contact the IST Service Desk, helpdesk@uwaterloo.ca, ext. 44357. 

  1. 2019 (59)
    1. July (4)
    2. June (9)
    3. May (13)
    4. April (8)
    5. March (8)
    6. February (7)
    7. January (10)
  2. 2018 (112)
    1. December (6)
    2. November (7)
    3. October (8)
    4. September (10)
    5. August (9)
    6. July (11)
    7. June (11)
    8. May (12)
    9. April (9)
    10. March (8)
    11. February (5)
    12. January (16)
  3. 2017 (113)
    1. December (11)
    2. November (11)
    3. October (9)
    4. September (8)
    5. August (6)
    6. July (6)
    7. June (16)
    8. May (10)
    9. April (7)
    10. March (7)
    11. February (13)
    12. January (9)
  4. 2016 (136)
  5. 2015 (203)
  6. 2014 (210)
  7. 2013 (95)
  8. 2012 (187)
  9. 2011 (120)
  10. 2010 (114)
  11. 2009 (233)
  12. 2008 (100)
  13. 2007 (2)