Why do I need a strong password?

Your NSID and password grant you access to many services including PAWS, e-mail and the wireless network. The university’s IT systems contain valuable personal and institutional data. In addition, university IT resources are an attractive target for attackers looking to carry out malicious or illegal activities.

The university’s high-speed network connections and substantial computing and storage capacity can be abused to:

  • Send large batches of unsolicited e-mail (commonly referred to as "spam").
  • Illegally distribute pirated software and pornography.
  • Carry out identity theft and share stolen identities.
  • Run software to "crack" passwords.
  • Attack or disrupt computer and network operations here and at other sites (often referred to as “denial of service” attacks).

Having a strong password helps protect yourself and others at the university.

How can I choose a strong password?

The general guidelines below offer helpful ideas for selecting a password that is both strong and easy for you to remember.

  1. Do not use words in the dictionary for any language.

    Hackers can run automated programs that try every word in the dictionary. For similar reasons, do not choose a word written backwards.

  2. The longer the password is, the better. Passwords should never be shorter than six characters.

    A strong password should be long enough to make it difficult for someone to watch you type it or to crack it with brute-force methods.

  3. Choose a password that you’re comfortable with and is easy to remember.

    Do not choose a word based on your name (first, middle or last), your username, the name of any friends or family, or any personal information that is easily obtained. For example, do not use:

    • The make or model of your vehicle
    • Names of pets
    • Your student number
    • Your phone number
    • Birthdays
    • Your social insurance number
    • Your hobby

  4. Do not use a password you’ve used previously.

    If you use multiple services, use a different password for each. If you use the same password for a number of services (e.g. Internet banking, e-mail, phone bill, desktop login, etc.), you increase your exposure and the likelihood of your password being discovered.

    • Consider software such as Password Safe or LastPass to store and manage your passwords across computers and platforms.
    • Some support multiple platforms: PC, Mac, iPhone, iPad, and Android.

  5. Use a mixture of upper and lower case characters, numbers and symbols.

    Using mixed case characters in a password makes it even harder to guess. Passwords are usually case sensitive, so even if someone guesses the right password, they might not guess which letter you capitalized. Substitute some characters with numbers or special characters.

  6. Keep your password a secret.

    Never tell anyone your password or write it down.

What else can I do?

Consider 2-factor Authentication

  • Uses a password and a second authenticator
    • can be a code generated by a mobile phone
    • or sent to the mobile phone by SMS
    • or a voice call
  • Supported by:
    • Google
    • Microsoft
    • Facebook

Be Watchful When Filling Out Online Forms

When filling out online forms, check that the forms in which you enter passwords are protected: the URL should begin with https://. Also, when logging into services, be sure the URL is the correct one (did you follow a link in a suspicious email or did you navigate to the site yourself?).

Secure Your Computer When You're Not Using It

Log off from your computer if you are going to be away from the keyboard – even for a short period of time. And don't leave your computer unattended in a public space.

Take IT Security Awareness Training

Online information security training is available to all members of the university community. The training modules take you through best practices for how to protect your personal information and contribute to a safe information technology environment for the university.

University of Saskatchewan Password Guidelines

Purpose

To define password guidelines for creating strong passwords and securing your password to protect the university data you have access to.

A computer account consists of a username and password. At the U of S, the most common form of a username is the Network Services Identifier (NSID). The NSID consists of three letters followed by three numbers (e.g. abc123). Members of the university community are provided with a randomly generated password that can be changed in PAWS. Your computer account provides access to a variety of university services, including, but not limited to, PAWS, e-mail, student and financial systems, computer labs, file storage space, wireless network, servers, and databases.

Scope

The password guidelines are applicable to all members of the university community.

Protecting a Password

  • Keep your password a secret.
  • Commit your passwords to memory. If a password is written down, it should be locked away in a secure place.
  • If a website or browser asks to keep you signed in, unclick that option and re-enter your password each time.
  • Make sure sites are secure (https) before you enter your password.
  • When off-campus, use a virtual private network (VPN) to access campus resources.
  • University IT Service Desk or IT support staff will never ask for users’ passwords.
  • Do not respond to emails or phone calls requesting you to verify your passwords.
  • Do not share your passwords for any reason – even with trusted individuals.
  • Never send passwords by email.

What Makes a Strong Password

The general guidelines below offer helpful ideas for selecting a password that is both strong and easy for you to remember. 

  • The longer the password is, the better. Passwords should never be shorter than eight characters.
  • Choose a password that you’re comfortable with and is easy to remember.
  • Use a mixture of upper and lower case characters, numbers and symbols.
  • Do not use words in the dictionary for any language. Stay away from words spelled backwards, misspelled words, and abbreviations that are easy to figure out.
  • Never use your name, NSID, birthday, address, driver’s license or passport number.
  • Avoid using information that your colleagues and/or acquaintances might know.
  • Do not use a password you’ve used previously.
  • Avoid character or number repetition (4444 or dddd).
  • Avoid simple sequences (abcdefg or 123456) and letters that appear in a row on your keyboard (qwerty).
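
The rules in this list can be checked mechanically. The following Python checker is an added example, not part of the university's guidelines or systems; the sample word list, the run length of four characters and all function names are assumptions made for illustration.

```python
import re

# Constructed mini word list (assumption); a real check would load a full dictionary.
SAMPLE_WORDS = {"password", "dragon", "welcome", "saskatoon", "monkey"}
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")
ALPHABET = "abcdefghijklmnopqrstuvwxyz"
DIGITS = "01234567890"


def has_run(pw, sources, n=4):
    """True if pw contains n consecutive characters of any source, forward or reversed."""
    low = pw.lower()
    for src in sources:
        for s in (src, src[::-1]):
            for i in range(len(s) - n + 1):
                if s[i:i + n] in low:
                    return True
    return False


def check_password(pw, nsid="", previous=(), words=SAMPLE_WORDS):
    """Return the list of guideline violations; an empty list means the password passes."""
    problems = []
    low = pw.lower()
    if len(pw) < 8:
        problems.append("shorter than eight characters")
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    if not all(re.search(c, pw) for c in classes):
        problems.append("missing upper/lower case, number or symbol")
    # Dictionary words are rejected forwards and spelled backwards.
    if any(w in low or w[::-1] in low for w in words):
        problems.append("contains a dictionary word (possibly backwards)")
    if nsid and nsid.lower() in low:
        problems.append("contains the NSID")
    # Plaintext comparison for illustration only; a real system compares stored hashes.
    if pw in previous:
        problems.append("previously used")
    if re.search(r"(.)\1{3,}", pw):
        problems.append("repeated character (e.g. 4444 or dddd)")
    if has_run(pw, (ALPHABET, DIGITS)):
        problems.append("simple sequence (e.g. abcdefg or 123456)")
    if has_run(pw, KEYBOARD_ROWS):
        problems.append("keyboard row sequence (e.g. qwerty)")
    return problems
```

Personal details such as birthdays, addresses or names known to colleagues cannot be detected without that information, so those rules remain a matter of judgement.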

If an account or password is suspected to have been compromised, report the incident to the ICT Service Desk.