Password Security

As a member of the William & Mary community, your password safeguards your privacy and personal information along with institutional data. The passwords that we all use to access College computing systems (email, Banner, Blackboard, etc...) should be as secure as possible.

What you can do
  • Don't share your account and password with anyone.
  • Don't write your password down.
  • Use different passwords for different services.  
  • Change your password often, ideally more often than the required 12 month interval.
  • Be aware of phishing.
How you can create an effective password
  • Use at least eight characters.
  • Remove all the vowels from a short phrase. Example: llctsrgry ("All cats are gray")
  • Use an acronym. Choose the first or second letter of your favorite quotation. ("itsotfitd" for "It's the size of the fight in the dog")
  • Mix letters and non-letters in your passwords (numbers and punctuation characters on the keyboard).
  • Transform a phrase by using numbers or punctuation ("Idh82go" for "I'd hate to go" or "UR1drful" for "You are wonderful").
  • Avoid choosing a password that spells a word. But, if you must, then introduce "silent" characters into the word ("va7ni9lla").
  • Deliberately misspell the word or phrase ("choklutt").
  • Add random capitalization to your passwords. Capitalize any but the first letter. ("eIeIoH!" or "o.U.Kid")
  • Don't use your first, middle, or last name in any form.
  • Don't use a word contained in any dictionary. Masking these words by replacing letters with numbers is not sufficient protection.
  • Don't put non-alphabetic characters at the beginning or end of words. Passwords like 7laptop or rockiesx are easily guessed by password guessing programs.
Concerned about your password?

If you think someone may have guessed your password, or you shared it, or if your account has been compromised, you should change your password immediately!  If your account has been compromised due to phishing, forward the phish email to [[abuse]].

 
Annual Password Update

Your WMuserid password can be updated an any point, but must be updated annually.  You will be sent reminder emails as the date approaches.  Use the link on it IT Homepage to access the Change Password system or go directly to https://changepassword.wm.edu/wm/.

 
Duo Two-Factor Authentication

Duo is William & Mary's two-factor authentication service. Two-factor authentication provides an additional level of security to help protect against increasingly sophisticated security threats.  It uses your W&M credentials plus a secondary authentication method (like a cell phone or office phone) to confirm your identity.

If you are not already enrolled in Duo, enroll now at 2f.wm.edu.  Detailed enrollment instructions can be found on W&M IT's Duo website.

ENROLL IN DUO

For additional password support or questions about password protections, contact the Technology Support Center at [[support]] or 757-221-4357.