Help to Protect Passwords by setting strong unique passwords and never sharing them, you can find out more about the Universities password policy here.
Practice good password hygiene
- Cyber criminals know that people often reuse email addresses and passwords across multiple websites and online services.
- If a cyber criminal discovers your email address and password for one particular service, they’ll try to login to other services using those same account details.
- Always use unique passwords for your important accounts, such as email, social media and financial services.
- Consider using a Password Manager to generate and store unique passwords for all of your websites and online services.
Passwords shouldn’t be guessable
- Your password should be memorable, but hard for someone else to guess – whether or not they know anything about you.
- Avoid using single dictionary words, predictable sequences, patterns of keys on the keyboard or memorable names, dates or locations.
- If you need to write a password down, make sure that you don’t leave it in a place where someone else can find it.
- Pick a password which hasn’t previously appeared in a data breach, by checking it with a service like Pwned Passwords.
Passwords should be kept secret
- Your passwords are used to uniquely identify you, so anyone who’s able to use them can act as if they were you.
- Don’t reveal your passwords to anyone else – family, friends, co-workers or IT staff.
- Be aware of who’s watching when you’re entering a password.
- Consider using a Password Manager to generate and store unique passwords for all of your websites and online services.
Keep your passwords healthy
- Over time, computers get faster at guessing passwords – so the rules that define “strong” passwords have to change over time too.
- From time to time, we’ll have to ask you to update your passwords to keep them safe.
- Longer passwords are generally stronger passwords.
- Websites and online services are increasingly making Multi-Factor Authentication (MFA) available to users – you should make use of this wherever it’s available.
Take action if your passwords are compromised
- Change a password immediately if you suspect that it has been revealed to or discovered by another person.
- Report any concerns about your University password security to the IS Service Desk, so that they can take action if necessary, to protect your account.
- Make use of data breach notification service like HIBP, which will notify you if your details appear in any exposed data breaches.
- If you’re unsure about the best way to protect your passwords, ask the IS Service Desk for advice.