Passwords and passphrases

Introduction

This Directive from Concordia University outlines guidelines for creating and using strong passwords and passphrases to safeguard information systems and data. The Directive aims to establish a standard for the secure creation and use of passwords and passphrases.

Why is this required? The Chief Information Security Officer issued this Directive under the Information Security Policy (VPSS-33). VPSS-33 is adopted in accordance with the Directive sur la sécurité de l’information gouvernementale (section 7) which requires public bodies to adopt and implement a policy on the security of information.

What this means for you

Concordia requires the following actions for passwords and passphrases:

• Strong passwords/passphrases according to Concordia information system minimum requirements. (ex., passwords must be a minimum of 12 characters long)  

• Compliance with Directives around protecting passwords and passphrases. 

•  Compliance with Directives around password managers, biometric alternatives, and touchscreens.  

Feedback

The Chief Information Security Officer is responsible for implementing, reviewing, and approving this Directive and for conducting regular reviews to ensure compliance with internal and external requirements. If you have any feedback or questions about this Directive, please email ciso@concordia.ca

For accessibility-related questions or feedback related to IT security incidents, email iits-accessibility@concordia.ca.