Frequently Asked Question

Password best practices
Last Updated 3 years ago

Passwords are one of the layers of security protecting your information from inappropriate access by the dark side of the internet. A password is only useful when it is used properly; the following procedures will help you to use passwords effectively to secure Yukon University Digital resources.

Password Complexity

A password is strong when it is not easily guessable by someone who knows you or who might look you up on the internet. Password Complexity is a term used to describe the length and type of characters in your password.

Your Yukon University password must :

  • Contain between 10 and 256 characters
  • Contain at least 3 of the 4 following types of characters:
    • UPPER case
    • lower case
    • Numbers
    • Special characters such as $, @, !, #
  • No First Name or Last Name anywhere
  • Not be any part of your previously used password

How to create a strong password

It is very effective to use phrases as passwords as long as they are not directly connected to you or about you.

Here are a few examples of bad passwords:

  • My name is Bob! - This is NOT a good password.
  • Password2020fall - This is a TERRIBLE password (or any variation of it).
  • Password123 - Seriously, don’t use this one or anything similar.

If a password is easy for you to remember and includes Upper Case, Lower Case, Numbers and Special Characters it should be very secure. You may purposely misspell one or more of the words in your password.

Here are a few examples of good passwords. Remember, because these passwords have been written in plain text, do not use any of them.

  • Freed0mfor@ll
  • HoppyBunni_6
  • 1Gre@tGrayde!
  • Pav3m3ntIsFlat

When to change a password

You should change your password regularly ie. Every 30 days is excellent, 60 Days is OK, 90 Days is acceptable and longer is dangerous.

You must change your password whenever you are concerned that it has been compromised ie. if you think someone else might know your password. This happens frequently, you may be tricked into clicking a link in an email and that link took you to a login page where you entered your Unversity userid and password.

NEVER keep any University password in Excel, Word, Text Files or any other un-encrypted type of file even on an encrypted drive! It is totally OK to use a scratchpad type document that has NEVER been saved to play with some password ideas, never save these scratch pad files.


The people at Cloudflare (a reputable company in network security) have compiled a list of many previously compromised passwords. For good fun and scare, you can type a password you have been previously used to see how many times it got compromised. As a best practice: do not type your current password unless you plan on changing it right away. Even if the site is from a reputable source, you do not want to risk exposing your awesome password.

How to change your university password

The most up to date way to change your password is detailed in our article How to reset my password.

Excellent advice

You should consider using a password management application that will help you generate complex passwords, safely store them and make them available on all your devices. This way, if your password is compromised on one site, the attacker will not gain access to all the other sites you are registered on (for example your personal email).

Some good applications:

  • LastPass (free version available)
  • Bitwarden (free version available)
  • KeepassXC (totally free)

Please Wait!

Please wait... it will take a second!