Your passwords are your last line of defense when it comes to online privacy and security; if a hacker cracks one, they could potentially reset the passwords of and gain access to your various UBC accounts as well as social networks, your bank account and even your identity.

But, while it is very important to use unique, non-trivial passwords passwords for all your computer systems and online accounts, it can be very difficult to create and remember them. To help
resolve this dilemma, we strongly urge the use of a password manager.

One solution we recommend, and use ourselves, is the LastPass
multi-platform password manager. LastPass is easy to use and it will automatically sync between different computers and browsers, letting you access your encrypted database from any device.
Another good option is KeePass.

  1. Make your password strong and memorable; better yet, use a passphrase. Use at least 10 characters; 14 or more is best. Combine lowercase, uppercase, numbers, and symbols. Use words and phrases that are easy for you to remember, but difficult for others to guess.
  2. Use different passwords everywhere. If any one of the computers or online systems using your password is compromised, all of your other information protected by that password is in danger of being compromised as well.
  3. Change your passwords. UBC policy requires users to change their passwords at least once per year.
  4. Never share you passwords with anyone. In particular, never provide your password over email or based on an email request. Any email that requests your password or requests that you to go to a website to verify your password is almost certainly a fraud.
  5. Don’t use the “Remember password” option on a web browser - use a dedicated password manager. If you must use the "Remember Password" browser option, be sure to set a very secure Master Password, otherwise anybody who uses your browser can see all the passwords that are stored.
  6. Don’t type your password on a computer that does not belong to you. If possible, do not use someone else's computer to login to any website, especially to a very sensitive website such as banking.