Use Strong Passwords

Practise good password hygiene

  • Cyber criminals know that people often reuse email addresses and passwords across multiple websites and online services.
  • If a cyber criminal discovers your email address and password for one particular service, they’ll try to login to other services using those same account details.
  • Always use unique passwords for your important accounts, such as email, social media and financial services.
  • Consider using a Password Manager to generate and store unique passwords for all of your websites and online services.

Passwords shouldn’t be guessable

  • Your password should be memorable, but hard for someone else to guess – whether or not they know anything about you.
  • Avoid using single dictionary words, predictable sequences, patterns of keys on the keyboard or memorable names, dates or locations.
  • If you need to write a password down, make sure that you don’t leave it in a place where someone else can find it.
  • Pick a password which hasn’t previously appeared in a data breach, by checking it with a service like Pwned Passwords.

Passwords should be kept secret

  • Your passwords are used to uniquely identify you, so anyone who’s able to use them can act as if they were you.
  • Don’t reveal your passwords to anyone else – family, friends, co-workers or IT staff.
  • Be aware of who’s watching when you’re entering a password.
  • Consider using a Password Manager to generate and store unique passwords for all of your websites and online services.

Keep your passwords healthy

  • Over time, computers get faster at guessing passwords – so the rules that define “strong” passwords have to change over time too.
  • From time to time, we’ll have to ask you to update your passwords to keep them safe.
  • Longer passwords are generally stronger passwords.
  • Websites and online services are increasingly making Multi-Factor Authentication (MFA) available to users – you should make use of this wherever it’s available.

Take action if your passwords are compromised

  • Change a password immediately if you suspect that it has been revealed to or discovered by another person.
  • Report any concerns about your University password security to the IS Service Desk, so that they can take action if necessary to protect your account.
  • Make use of data breach notification service like HIBP, which will notify you if your details appear in any exposed data breaches.
  • If you’re unsure about the best way to protect your passwords, ask the IS Service Desk for advice.