UBC Mathematics: MathNet FAQ [Good passwords]
Question: What is a good password?
Author: Joseph Tam
Date: Aug. 24, 2012
Passwords provide a line of defense against unauthorized access to
your private data. A poor password places all your information in
jeopardy, and undermines the security of our network as a whole. Please
choose, and use, a secure password that is not prone to trial-and-error
guessing, and is computationally hard to find by searching all possible
passwords (i.e. brute forcing).
Secure password guidelines
- Length: your password must be 8 characters or longer.
Longer is better.
- Complexity: your password must have at least one character
that is neither a letter (A-Z,a-z), nor a digit (0-9).
- Wordlist/dictionary: do not use passwords that
can be found in any dictionary or wordlist, of any language.
Not even jargon.
- Personal identifiers: do not use SINs, telephone numbers,
dates, names of friends, family or pets, etc.
- Simple transformations: do not reverse ("password" -> "drowssap"),
append/prepend digits or single characters ("secret" -> "secret!" or "secret5"),
replicate ("blah" -> "blahblah"), or do simple substitutions
(O->@, o->0, l->1, E->3; e.g. "password" -> "p@ssw0rd")
to any of the above. Not all people with bad
intentions are idiots -- they know these tricks too!
- Never, never reveal your password to anyone, especially
if it is asked of you via email, or requested on a web
site that is unknown to you and/or outside of our domain
(math.ubc.ca).
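The length, complexity, wordlist and transformation guidelines above can be checked mechanically. The following is an added example, not part of the original FAQ or of MathNet's own tooling: it undoes each listed transformation and compares the results against a wordlist. The wordlist is a small constructed stand-in, and the names base_words and check_password are hypothetical.

```python
import re

# Constructed stand-in wordlist; a real check would load full dictionaries
# and the user's personal identifiers (names, dates, phone numbers).
WORDLIST = {"password", "secret", "blah", "baseball"}
DIGITS = "0123456789"
# Inverse substitution tables. The guideline lists O->@, while its own
# example "p@ssw0rd" uses @ for "a", so both readings are tried.
UNSUBS = [str.maketrans("@013", "aole"), str.maketrans("@013", "oole")]


def base_words(pw):
    """Return strings that pw could be a simple transformation of."""
    s = pw.lower()
    # Undo appended/prepended digit runs, then one single character per end.
    forms = {s, s.strip(DIGITS), s.lstrip(DIGITS), s.rstrip(DIGITS)}
    forms |= {g for f in forms for g in (f[1:], f[:-1], f[1:-1])}
    # Undo character substitutions.
    forms |= {f.translate(t) for f in forms for t in UNSUBS}
    # Undo replication ("blahblah" -> "blah").
    forms |= {f[:len(f) // 2] for f in forms
              if len(f) % 2 == 0 and f[:len(f) // 2] == f[len(f) // 2:]}
    # Undo reversal.
    forms |= {f[::-1] for f in forms}
    return forms


def check_password(pw, wordlist=WORDLIST):
    """Return the guidelines pw violates; an empty list means none."""
    problems = []
    if len(pw) < 8:
        problems.append("length")
    if not re.search(r"[^A-Za-z0-9]", pw):
        problems.append("complexity")
    if base_words(pw) & set(wordlist):
        problems.append("wordlist")
    return problems


if __name__ == "__main__":
    for pw in ["drowssap", "secret!", "blahblah", "p@ssw0rd",
               "Tmd,u2cof", "$mix%baseball#"]:
        print(f"{pw!r}: {check_password(pw) or 'ok'}")
```

Only one single character is stripped from each end, so a password that embeds a dictionary word among other material, such as "$mix%baseball#", is not flagged.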
Some techniques on choosing passwords:
- Use a passphrase: "I won't eat dirt!"
- Nonsense word: "!grianDor@"
- Use the first/second/etc. letter from each word in a passphrase:
"Tmd,u2cof" (To make dough, use two cups of flour)
- Combine words in non-obvious ways: "$mix%baseball#"