Password Safety

Keep it secret!

  • Don’t reveal your passwords to anyone else – family, friends, co-workers or IT staff.
  • Be aware of who’s watching when you’re entering a password.
  • Your passwords are used to uniquely identify you, so anyone who’s able to use them can act as if they were you.
  • Remember: You’re accountable for all activity associated with your University account, including when someone else is using it.

Keep one step ahead!

  • Change a password immediately if you suspect that it has been revealed to or discovered by another person.
  • Report any concerns about your University password security to the IS Service Desk, so that they can take action if necessary to protect your account.
  • Make use of data breach notification services like HIBP, which notify you when (not if!) your details appear in data breaches.
  • If you’re unsure about the best way to protect your passwords, ask the IS Service Desk for advice.

Keep it unique!

  • Cyber criminals know that people often reuse email addresses and passwords across multiple websites and online services.
  • If a cyber criminal discovers your email address and password for one particular service, they’ll try to login to other services using those same account details.
  • Always use unique passwords for your important accounts, such as your University account, your personal email and online banking.
  • Consider using a Password Manager to generate and store unique passwords for all of your websites and online services.

Keep them guessing!

  • Your password should be memorable, but hard for someone else to guess – whether or not they know anything about you.
  • Avoid using single dictionary words, predictable sequences, patterns of keys on the keyboard or memorable names, dates or locations.
  • If you need to write a password down, make sure that you don’t leave it in a place where someone else can find it.
  • Pick a password which hasn’t previously appeared in a data breach, by checking it with a service like Pwned Passwords.

Keep it modern!

  • Over time, computers get faster at guessing passwords – so the rules that define “good” passwords have to change over time too.
  • From time to time, we’ll have to ask you to update your passwords to keep them safe.
  • Longer passwords are generally stronger passwords.
  • Websites and online services are increasingly making Multi-Factor Authentication (MFA) available to users – you should make use of this wherever it’s available.