Password guidelines for users of University IT services

Passwords are used to identify who you are in the digital world

Passwords are essential to protect your information from cyber criminals, therefore they should be a secret that only you know.

This guide helps you create and maintain strong passwords to keep you and your information safe online.

Step 1: Create a strong password

Weak passwords are easy for criminals to guess. Criminals use automated software that can guess billions of passwords per second. The key thing to remember when creating a password is that the more complex and longer it is, the stronger it is!

Meet University password requirements:

  • Must contain 8 characters or more
  • Must contain at least one a upper case character
  • Must contain at least one lower case character
  • Must contain at least one number
  • Must contain at least one special character, such as "#$%&'()*+,-./:;<=>[email protected][\]^_`{|}~ 
  • Must not be easily guessed or be a password often found in leaked accounts
  • Cannot contain the user's account name or parts of the user's full name that exceed two consecutive characters

Step 2: Protect your password

Keeping your passwords secure is important, because if someone else gets access to this information, they may also have access to everything you do online. They could steal or alter sensitive University data, impersonate you and even commit cyber-crime under your name.

Meet University password requirements:

  • Change your password every 6 months. It can help contain the consequences of a data breach you may not even be aware of
  • Do not provide your password in response to a phone call or email. University IT or other reputable service providers will never ask for your password
  • Ensure nobody is watching you type your password. Also as a matter of courtesy, turn away when someone else is entering their password
  • Enable multi-factor authentication (MFA), e.g. use of a password, as well as a code sent to your phone, to stay safe even when your password gets compromised. For more information, visit our Staff MFA or Student MFA site as appropriate.

Consider our tips for enhanced security:

  • Do not use the same password for multiple University and personal accounts
  • Consider passphrases made up of multiple words to create passwords of 12 characters or more, yet more memorable. The phrase “My Password is Strong” can be converted to “My.Passw0rd.Is.Str0ng!”
  • Avoid using a single dictionary word, personal information or your user name as your password as it makes guessing your password even easier
  • Never use any example passwords given in this web page or similar documents

Step 3: Know what to do when your password gets compromised

At some point, you will likely be affected by a data breach. Knowing how to respond, will save you time and can prevent more serious consequences.

Meet University password requirements:

  • If you think your password may have been compromised, change it immediately: Easy ways to change your Pheme password
  • In an event where you suspect your University accounts or password may have been compromised, contact University IT immediately
  • Contact University IT Service Desk for any questions and to report suspicious behaviour, security vulnerabilities or breaches