Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

🎓 Purpose

Purpose

Unique user names and secure passwords and passphrases are used by systems to distinguish between authorized users and unauthorized individuals. Weak passwords can be cracked by a threat actor within a matter of seconds or minutes, merely delaying their access to your systems and data, rather than preventing it.


Audience

Status
titlefaculty
Status
colourBlue
titleresearchers
Status
colourRed
titleAdmin staff
Status
colourPurple
titleIT staff
Status
colourGreen
titlestudents


On this page

Expand
titleRead more

Unique user names and secure passwords are used by systems to distinguish between authorized users and unauthorized individuals. While username generation is often standardized, thus easy to deduce about another individual, passwords are an authentication factor that only you should know and should be complex enough that they cannot be easily guessed or compromised through brute-force (i.e.: try every possible combination) methods. When your credentials are compromised, not only can an unauthorized individual access your system or data, but they are doing so "as you". This is also an issue if you choose to share your password with a colleague, as ultimately you will be responsible for any actions they perform or comprises that occur during their usage. By taking the time choose a secure password and adhering to best practices regarding it's safety and protection, you can limit the chance of such a compromise.

(question)
Expand to view table of contents.
Table of Contents
minLevel1
maxLevel4
include
outlinefalse
indent
styledefault
excludePurpose|Audience|On this page|Search|Additional help|Related articles
typelist
class
printablefalse

Initial considerations

Warning

Do NOT share your password with anyone, regardless of their stated intent. Your supervisor, manager, colleague, nor IT staff should ask you to provide it.

\uD83D\uDCD8 What can I do?

*️⃣ Consider the following principles when choosing a password

Follow the University’s safe password practices when protecting institutional accounts and systems.

📱

What can I do?

New account, new password (or passphrase).

  • For every account you have, you should use a unique password or passphrase to help limit the exposure caused by a breach or theft to just one account.

Use passphrases.

Long

  • Create a passphrase made up of 5 or more words.

Random

  • Avoid common phrases or words which are closely correlated with each other. A limited dictionary size reduces the possible complexity of a passphrase.

Use complex passwords, when passphrases are not possible.

Long

  • Create a password with 14 or more characters, where allowed.

  • Brute-force attacks, wherein all character combinations are attempted in order to guess a password, are most successful for short passwords.

    • Whereas a password made up of 8 characters could take only hours to crack, passwords over 14 characters would take centuries.

Random

  • Avoid common phrases, words associated with your identity (e.g.; name, username, job, family members, hobbies, interest) and other easily guessable words or strings of characters.

Complex

  • Use a combination of uppercase and lowercase letters, numbers, and special characters.

Enroll in the University’s multi-factor authentication (MFA), if you haven’t done so already.

🔓

Use a password manager to help prevent password reuse.

  • When passwords are reused across multiple accounts, a single data breach or successful phishing attempt could result in malicious individuals gaining access to the various accounts where that password was used.

Where possible, use passkeys over passwords.

🎣

Be aware of known phishing attempts and report suspicious emails to help protect your and others credentials.


Page Properties
hiddentrue

Name

Role

Date

Michael Laurentius

Author

Sue McGlashan

Approver (Manager)

Reviewer

Live Search
spaceKeyISH
sizelarge
additionalpage excerpt
placeholderHow do I...
typepage
labelskb-how-to-article,kb-general-concepts,kb-spec-how-to-article


✉️ Additional help

Expandtitle

General

Expandtitle

https://handbook.security.utoronto.ca/wiki/spaces/ISH/pages/4948958/Contact+us#Information-Security-(IS)

https://handbook.security.utoronto.ca/wiki/spaces/ISH/pages/4948958/Contact+us#Information-Technology-(IT)

Researchers

https://security.utoronto.ca/services/research-information-security-program/


uDCCB Related
Filter by label (Content by label)
showLabelsfalse
max10
showSpacefalse
excerptTypesimple
cqllabel in ( "services" , "secure" ) and title !~ "password"