Choosing Secure Passwords

Choosing Secure Passwords

Your CWL password protects your account from intrusion from malicious users. It proves to the system that you are who you say you are. Anyone who can guess your password can pose as you, and you may be held responsible for their actions. To safeguard your CWL account, it is important to never share your password with anyone, and to choose a password that is difficult to guess.

Create a Strong Password

All CWL account holders need to update their passwords to follow new password complexity rules. All CWL passwords must now be either a short complex password or a passphrase.

  • For a password, use a minimum of 8 characters, using at least one uppercase and lowercase alpha character, one numeric, and one symbol.
  • A passphrase must be at least 16 characters long, and does not require use of any specific characters.
  • Spaces may be used in a password provided they are not at the beginning or end of the password.
  • You cannot reuse the current password.

However, some passwords are definitely more secure than others. A good password would be something meaningful to you but not to anyone else.

Try the following techniques:

  • Punctuation marks (!?.) mixed with letters and numbers, such as putting it in the middle or using it for a contraction (e.g., "W0*rldPe?ac3")
  • Deliberately misspelling a word (best when combined with other techniques).
  • Picking several small words spelled in mixed case separated by punctuation marks and special characters (e.g., "I#luV[mE]2").
  • Pick a phrase and choose the first letter of each word (or a number), randomly capitalized, with odd punctuation (e.g., "Two heads are better than one" could be "2h?R*bt1").
  • Choose a longer passphrase that you would remember and others would not easily guess, even those that know you well.

Do not do the following when you create a password:

  • Do not use your student ID, social insurance number, or any personal information that could be guessed.
  • Words in any dictionary (English, French, Medical, etc.)
  • Your user name or real name.
  • Anyone's name, especially names of pets, friends or family members.
  • Any dictionary word with a random number or character before or after it (e.g., "trustno1").
  • Any dictionary word capitalized ("Dog"), reversed ("god"), mirrored ("doggod"), or doubled ("dogdog").
  • Any sequence of letters or numbers, such as "12345," "qwerty," or "abcde."