Password Best Practices
Passwords – do I have to change them?
Managing your passwords is an important part of your defense against cybercriminals. As a UCalgary community member, protecting yourself also means you are giving assurance to your university family. To manage your password visit password.ucalgary.ca and follow the directions. Students, faculty, staff and community members with an IT Account are asked to change their passwords yearly via email. This helps mitigate risks, such as credential stuffing attacks, for example. To strengthen your password please see the tips below.
It is a pain!
BUT, Password Management is about mitigating or decreasing risk. There is no such thing as a secure password. By changing your password if you feel or know it has been compromised, you are decreasing the likelihood of someone guessing your password and accessing your login ID. For advice on password management visit: Password managers - Get Cyber Safe.
Keep it complex
The more characters your password uses and the more random it is, the less likely it will be guessed. Hackers or robot attackers rely on patterns to break through password protection. This is another good reason not to use birth dates or family names. Also, please do not reuse passwords, as this increases the opportunity for someone to guess your password.
- When possible, create a passphrase: a combination of four or more random words.
- Use at least twelve characters.
- Use a combination of upper and lower-case letters and at least one number.
- Include at least one character that isn't a letter or number, like: !, # or $.
- Use a series of letters that only make sense to you, like the first letter of each word in a sentence.
For more information on creating a good password, please visit:
Never, ever share
Despite what your parents said about sharing, never share your password! Your password is your proof of identity. If you do, your identity is tied to all transactions that were conducted during that particular log on session. This could include mistakes, malicious attacks and criminal activity.
We don’t want to know
UCalgary IT will never ask you for personal information or passwords. Anyone who asks for any personal information, by phone or email, claiming to be UCalgary IT, is phishing for your information!