Choosing a strong password
Protect your data by setting strong passwords.
Make it strong
Having a unique, strong password and maintaining its confidentiality is vital to secure your IT account.
Please note the following points when choosing a password:
- Ensure that your password is 12 characters or longer
- Use upper case, lower case, numbers and at least 2 special characters (such as - ! ‘ + ^_ / ?)
- Don’t use personal information or information that other people may find easy to guess. For example, your favourite sports team or your date of birth
- Ensure that your password is unique from all other passwords you use
A good way to create a strong and memorable password is to use three or four random words alongside numbers and symbols, for example:
These 4 random words, plus a number and 2 special characters, amounts to a password that is 29 characters long which is very secure, but also memorable. Please do not use this example as your password.
When setting a new password for your University IT account, your chosen password is checked against a list of passwords that have been previously exposed in third party data breaches. Any password that is on this list is visible publicly and is therefore not safe to use no matter how long or complicated it is. If you are informed that your chosen password is on this list, you must choose a different password.
Once you’ve created a strong password you must protect it:
- Don’t share it with anyone
- Don’t write it down, instead use a password manager
- Use different passwords for your University and personal accounts. If someone is able to figure out one of your passwords, they won’t be able to access everything from your University email to your online shopping!
- Cover your fingers and keyboard when typing your password in public
- Do not reply to or click on links in emails that ask you for your password
How to set your university password reset questions and answers
The IT Accounts service allows you to set four questions and answers that you can use if you forget your password.
Please note: You do not need to enter real data, such as dates of birth. Just enter information that you can remember. You may wish to add this information into your password manager.
Consider using a password manager
Secure password managers allow you to keep track of all your different passwords, so you do not need to reuse the same password across different sites or services. Examples of password managers are Keepass, Keeper, 1Password, LastPass and Dashlane.
You just need to remember one master password for the password manager in order to access all your passwords. You can then have a unique password for each website or service that you access. If one is compromised, you will not need to change your password everywhere else.
Please note that password managers cannot be used to automatically login to desktops or laptops.