UTORid password creation policy effective Wednesday, September 16, 2015.

To strengthen the security of UTORid passwords, the Information Security and Enterprise Architecture (ISEA) team will no longer restrict passwords to eight (8) characters.

Users can now choose passwords between 10 and 32 characters, opting for longer passwords that are easy to enter on mobile devices, or shorter, more complex passwords that are quicker to enter at their Desktops.

Users are not required to change current passwords until they choose to do so.

The rules that a user may choose from are demonstrated in the diagram below:

What kind of password do you want? Follow the rules below when creating your new password.

Type No. of characters Character sets Examples
Short 10-15 3 or more sets Ex@shorTest
Intermediate 16-19 2 or more sets ShortJustTwoSets
Easy to type 20-32 1 set (or more) examplelongerbuteasy

Recommendation: Use 4 random words for a long password

Permitted Character Sets

lowercase: a – z

uppercase: A – Z

numbers: 0 – 9

symbols: + – ~ ! @ # % & ( ) . < > ? ; [ ] { } _ ^ = | / (space not allowed)