Passwords provides the first line of defense against unauthorized access to your private data. A poor password places all your information in jeopardy, and undermines the security of our network. Please use a secure password that is not susceptible to guessing, and is computationally hard to find by enumerating all possibilities (i.e. brute forcing).

Secure password guidelines

• Length: your password must be at least 8 characters long, but consider 12 or more characters.
• Complexity: your password should have at least one character from each of these classes: upper case, lower case, digits, punctuations.
• Wordlists: avoid passwords found in a wordlist/dictionary of any language. This would include jargons and proper names.
• Personal identifiers: avoid SINs, telephone numbers, dates, friends/family/pet names, etc.
• Simple transformations: avoid simple transformations of the above: reversal ("password"=>"drowssap"), single digit/punctuation append/prepend ("secret"=>"secret!"), homoglyphic substitutions ("password" => "p@ssw0rd).
• Keyboard sequences: "Qwerty...", "QAZ...", "98765...", etc.
• Never reveal your password: do not give it out when asked by Email, or into a web form outside our domain (math.ubc.ca)

Example methods for choosing passwords:

• Use a passphrase: "I won't eat dirt!"
• Nonsense word: "!grianDor@"
• Use the 1st or 2nd or last letter of each word in a sentence: "To make dough, use two cups of flour" => Tmd,u2cof"
• Combine words in a non-obvious ways: "$mix%baseball#"