When you choose a password you should make it personally memorable but difficult for others to guess.
Make sure that your password comprises at least 8 characters but do not use special characters as they may not be recognised by some systems and keyboards overseas may differ to UK ones;
- Choose one that is easily remembered;
- Never write your password down;
- Immediately change your password if you think that it has been revealed to anyone else or compromised;
- Never use your user name as your password in any form;
- Never use your surname or given name in any form;
- Don't use any information about you that is easily obtainable, such as your car registration number, your birthday, your child or pets name, your favourite holiday destination or your favourite sports team or hobby;
- Don't use word or number patterns like aaabbb, qwerty, zyxwvuts, 123321, etc.;
- Avoid the use of an ordinary word preceded or followed by a digit (e.g., secret1, 1secret);
- Don't change your password by simply adding a number every time you have to change it;
- Don't reuse or recycle your password;
- Never lend your password to friends or share it with anyone;
- Never use the same password for both your university and private computer accounts, such as on-line banking, Facebook etc.;
- Don't use the 'Remember Password' feature of websites and applications.
If someone demands a password, refer them to this guidance or have them call the Information Security Co-ordinator.
In addition, make sure that your password is:
- Private - it is used and known by you only - you wouldn't like it if your identity was stolen, so why give it away?
- Not shared, even with your secretary - if you have a secretary who has a need to access your emails or data, this can be facilitated through file permissions;
- Secret - it does not appear in clear text in any file or program in any medium.
Use one of the following methods to create a memorable but strong password:
- Use the first letter of each word in a memorable phrase, saying, nursery rhyme or song title. For example, the phrase might be: "this may be one way to remember" and the password could be: "tmb1w2r";
- Substitute one or more letters with a numeric character (e.g. I = 1, A = 4, S = 5, L = 7 or O = 0);
- Take two words and splice them together with one or more numeric characters,
- Take an ordinary word or phrase and change, delete or add alpha-numeric characters so that it becomes nonsensical or;
- For the strongest password, use a passphrase a number of words as in the example above and include the spaces between them as part of the password.
Protecting Your Passwords
- In order to ensure that both University data and your information are protected, system users are held responsible for safeguarding passwords and access identities. Passwords and identities must not be shared. System users are responsible for all use of information systems and technology and for any information stored or communicated using their identity or password.
- All individuals' usernames issued at the University are unique and are not re-used. Although usernames are not secret, they should be treated as personal. Details should not be divulged to others.
- Passwords on the other hand are secret and you are responsible for protecting your own. If you are the only one who knows your password your information is secure and the systems that you access are safe.
- Remember that a computer that is left unattended and logged in gives anyone access to information accessible to the authorised user. If a computer is left unattended, it should be shut down or locked through the use of a password access 'hot-key' or password-protected screen saver.