Wilfrid Laurier University Information and Communication Technologies
September 1, 2014
 
 

Guidelines to Password Selection and Maintenance



The purpose of passwords is to prevent unauthorized people from accessing user accounts and the system in general. The basic selection principle is that passwords should be easy to remember but hard to guess or crack. Even if you feel that you do not have anything important on your account, you should be aware that getting onto a system via any account is the first step for unauthorized system access. The account that opens the door may not be of interest except as a point to launch an attack on the system in general. Your password is the primary defence against unauthorized access to both your private information and that of the University.

Password Selection

Passwords should be hard to guess. This means that passwords or components of passwords should meet the following criteria:
- Don't use your login name in any form (as-is, reversed, capitalized, doubled, etc.).
- Don't use names of persons, pets, places or things significant to you in any form.
- Don't use numbers significant to you or someone close to you: phone numbers, birth dates, license numbers, etc.
- Don't use any name, number, place or other item associated with the University.



Passwords should be as immune as possible to attack by password cracking programs. This means that passwords or components of passwords should meet the following criteria:
- Don't use words found in English or foreign language dictionaries, or place names or proper nouns.
- Don't use passwords of all the same letter.
- Don't use passwords based on simple keyboard patterns, such as ghjkl;' or qwerty.
- Don't use any of the above reversed or followed/prepended by a single digit.
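
The criteria in the two lists above can be checked mechanically at the moment a password is chosen. The following Python check is an added example, not part of the University's guidelines or tooling; the function names, the small `SAMPLE_WORDS` list and the login `jsmith` are constructed for illustration, and a real check would load full dictionary, place-name and University-term lists.

```python
# Constructed stand-in for real dictionary / place-name / University word lists.
SAMPLE_WORDS = {"password", "dragon", "laurier", "waterloo", "kitten"}
# Keyboard rows used to spot simple patterns such as qwerty or ghjkl;'
KEYBOARD_ROWS = ["1234567890", "qwertyuiop[]", "asdfghjkl;'", "zxcvbnm,./"]


def strip_single_digit(pw):
    """Yield pw plus the forms with one leading or trailing digit removed."""
    yield pw
    if len(pw) > 1 and pw[0].isdigit():
        yield pw[1:]
    if len(pw) > 1 and pw[-1].isdigit():
        yield pw[:-1]


def is_keyboard_run(s, min_len=4):
    """True if s is a contiguous run along one keyboard row."""
    return len(s) >= min_len and any(s in row for row in KEYBOARD_ROWS)


def check_password(password, login, words=SAMPLE_WORDS):
    """Return the sorted list of guideline violations (empty if none found)."""
    problems = set()
    login = login.lower()
    # Lowercasing covers "capitalized" variants; the single-digit stripping
    # is applied to every check here, which is slightly stricter than the text.
    for cand in strip_single_digit(password.lower()):
        for form in (cand, cand[::-1]):  # as-is and reversed
            if form in (login, login * 2):  # login name, plain or doubled
                problems.add("login name")
            if form in words:
                problems.add("dictionary word")
            if is_keyboard_run(form):
                problems.add("keyboard pattern")
        if len(cand) > 1 and len(set(cand)) == 1:
            problems.add("single repeated letter")
    return sorted(problems)


if __name__ == "__main__":
    for pw in ["Qwerty1", "htimsj", "7nogard", "aaaaaaaa", "IXdKKaspdd"]:
        print(pw, check_password(pw, "jsmith"))
```

Names, dates and other items significant to the user cannot be detected this way unless they are supplied to the check as an additional word list.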



To construct a better password we recommend the following guidelines. Remember that the password should be easy to remember.
- Use a password with unusual capitalization.
- Use a password with nonalphabetic characters, e.g. numbers or punctuation, if your system allows them.
- Choose a line from a book, poem or song or generate a sentence you will remember. Use the first letter of each word to generate the password. For example, "In Xanadu did Kubla Khan a stately pleasure dome decree" could become "IXdKKaspdd".
- Concatenate words or parts of words. For example:
(a) dog + rain becomes "dog:rain" or better "doG:raiN",
(b) the + dog becomes "the1dog" or better "the1Dog=",
(c) my + ninety + books becomes "my9tybooks" or better "mY9tyBooks".
- Embed or interleave two or more words. This technique is not for everyone. Embedding and interleaving come easily to some people, but others find the combinations impossible to remember. For example:
(a) kitten + dog becomes "kitdogten" or better "kiTdogTen",
(b) cat + dog becomes "cdaotg" or better "cd8ao;tg".



Password Maintenance

Once selected, your password should not be recorded anywhere, either on paper or in a computer file.

Do not share your password with anyone. Anyone who needs access to the system will be given their own account.

Change your password regularly. Users are required to change their passwords every 90 days.

If you believe that your password has been compromised and that your account, on any system, is being used by some other individual, please contact Bob Ellsworth, Manager: Computer and Network Security at x3120 or bellswor@wlu.ca.

These guidelines are intended for your protection by making both your account and the University computer systems more secure.