Skip to main content

It’s time to update your password

These security measures are essential defences against cyberattacks
February 1, 2024
By Sylvie Babarik

Secure passwords are one of your best defences against cybersecurity attacks. They are also essential protection for personal and researcher data stored within Concordia systems.

As a result, each and every student, faculty and staff member must choose a strong password that meets basic criteria, and must update it regularly.

“Updating and strengthening your password is good cyber-hygiene,” says Mike Popoff, chief information security officer for Concordia’s Instructional and Information Technology Services (IITS). “It significantly reduces the risk of hackers getting hold of your information and network privileges.”

IITS recommends that you change your passwords every 12 months or immediatley if there is any sign of compromise.

Change your password to a passphrase

Passwords and passphrases essentially serve the same purpose. However, passwords are generally shorter than passphrases, harder to remember and also easier to crack.

Passphrases consist of a sequence of mixed words — with or without spaces. For example, you might create a passphrase by using association techniques, such as scanning a room in your home and creating a passphrase that uses words to describe what you see (for example, “Cl0set l@mp Bathr00m Mug”).

Because they are longer and yet easier to remember than a password of random mixed characters, IITS recommends using passphrases when possible.

Keep your passwords safe

Creating and remembering your strong passwords or passphrases is still a challenge? A password manager might be a good solution, as it automatically generates and stores strong and different passwords for various accounts.

Prioritize a stand-alone encrypted password manager over a browser-based one. Stand-alone tends to be more secure than browser-based and they allow for a complex master password and typically offer multi-factor authentication.

Update your password now

To reset your password, go to your My CU Account, select Personal and then select Accounts and Passwords. Once you’ve signed in, select your Netname and change your password.

If you have saved your password to an email client on your mobile device, you will also need to update that when prompted to do so.

All Concordia passwords must comply with some basic criteria:

  • Be 12 to 16 characters in length
  • Include at least one lowercase letter
  • Include at least one uppercase letter
  • Include at least one number
  • Include at least one special character, such as !, @, #, $ or *

Importantly, avoid using phone numbers, birthdates, names of people or places or other words found in the dictionary.

Be sure to never include elements of your netname. Also, avoid using words such as “password,” “Concordia” or sequences like 123456. Choosing simple passwords makes you an easier target.

Other password safety measures include the following:

  • Keep your password secret. Do not share it, and do not write it down where it can be seen by others.
  • Select “no” if an application prompts you to save your password. Otherwise, anyone with access to your computer could log in to your accounts.
  • Use a password for your Concordia accounts that is different from other accounts like your online banking or social media platforms. It is very important to choose a different password for each of your online accounts.

For more information on password security, visit
Concordia’s IT Security page about protecting your identity.



Back to top

© Concordia University