To strengthen the security of UTORid passwords, the Information Security and Enterprise Architecture (ISEA) team will no longer restrict passwords to eight (8) characters.
Users can now choose passwords between 10 and 32 characters, opting for longer passwords that are easy to enter on mobile devices, or shorter, more complex passwords that are quicker to enter at their Desktops.
Users are not required to change current passwords until they choose to do so.
Type | No. of characters | Character sets | Examples |
Short | 10-15 | 3 or more sets | Ex@shorTest |
Intermediate | 16-19 | 2 or more sets | ShortJustTwoSets |
Easy to type | 20-32 | 1 set (or more) | examplelongerbuteasy |
Recommendation: Use 4 random words for a long password
lowercase: a – z
uppercase: A – Z
numbers: 0 – 9
symbols: + – ~ ! @ # % & ( ) . < > ? ; [ ] { } _ ^ = | / (space not allowed)
No. Users may continue to use their current eight (8) character UTORid password. The new rule will only apply if the user decides to voluntarily change their password or if the password is forgotten and requires a reset.
We encourage all users in the community to regularly change their passwords and take advantage of this new feature to strengthen their password.
Users who wish to voluntarily change their password may go to the UTORid Account Management page at https://www.utorid.utoronto.ca/ . Please note that users will need to know their existing password to change their password with the new rules.
Information Technology Servies also released a new UTORid Account Recovery (password reset) tool for faculty, staff, students and alumni. We encourage the community members to sign up for the new service to enable easy password reset via alternate email or SMS (text) in the event the password is forgotten. For more information on this service, please go to the UTORid Account Recovery announcement or service page.