The Security aspect of a password starts with the physical creation of that password. As such it is up to you, as the owner to ensure that the passwords you create are strong enough both in terms of length and complexity. Conventional wisdom says that a complex password is more secure. But, password length is a much more important factor because a longer password is harder to decrypt if stolen. At McMaster University, users are encouraged to exercise appropriate care when creating and securing their passwords as failing to do so may lead to unauthorized access to personally identifiable information, disclosure of intellectual property, unauthorized disclosure of University information, reputational damage and/or monetary loss. Here are a set of guidelines to properly create and maintain passwords for McMaster University identifiers (MacID):
Secure Password Requirements
Passwords must be a minimum of ten (10) characters in length. Passwords must include character(s) from at least three of these four character sets:- Uppercase letters A, B, C, ..., Z
- Lowercase letters a, b, c, ..., z
- Numerals 0, 1, 2, 3, 4, 5, 6, 7, 8, 9
- Symbols ~ ! @ # $ % ^ & * ( ) _ + ` - = { } | ] [ \ : " ; < > ? , . /
A Password should be reset or changed:
- at least once every 365 days;
- immediately after the user has been given access to a new account, or when the password has been reset by a third party;
- when there is any indication of a possible system or password compromise; in addition such incidents must be reported to the appropriate authority.