Selecting a strong password and managing it securely

Your password is both your electronic identity and the key which you use to access University data. It is your responsibility to select a strong password and to manage it securely as you are personally accountable for its use.

The following guidance will help you choose a strong password and manage it securely.

Do:

  • Choose a password of at least 8 characters, made up of upper and lower case letters and numbers, which is personally memorable but difficult for others to guess;
  • Immediately change your password if you think that it has been revealed to anyone else or compromised;
  • Check that it does not appear in clear text in any file or program;
  • Grant file permissions if a secretary, PA or other person requires access to your data, for example to cover leave or after you have left University employment (contact the IT Service Desk if you are not sure how to do this);
  • If someone demands a password, refer them to this guidance or ask them to call the University Information Security Co-ordinator.

Don't:

  • Ever write your password down;
  • Use the same password for both your University and private computer accounts, such as on-line banking, Facebook etc.;
  • Be fooled into giving your password away. You may occasionally receive scam emails that appear to have been sent by IT telling you that your mailbox is full, or that there is a problem with your account etc., but the University will never ask you for your password;
  • Use special characters - they may not be recognised by some systems, and keyboards overseas may differ from UK ones;
  • Use your user-name, surname, or given name, as your password in any form;
  • Use any information about you that is easily obtainable, such as your car registration number, your birthday, your child's or pet's name, your favourite holiday destination or your favourite sports team or hobby;
  • Use word or number patterns like aaabbb, qwerty, zyxwvuts, 123321, etc.;
  • Change your password by simply adding or incrementing a number every time you have to change it;
  • Reuse or recycle your password;
  • Lend your password to friends or share it with anyone including your secretary or PA;
  • Use the 'Remember Password' feature of websites and applications;
  • Use an ordinary word preceded or followed by a digit (eg, seCret1, 1seCret).

Tips

Use one of the following methods to create a memorable but strong password:

  • Use the first letter of each word in a memorable phrase, saying, nursery rhyme or song title. For example, the phrase might be: "this may be one way to remember" and the password could be: "Tmb1w2r";
  • Substitute one or more letters with a numeric character (eg I = 1, A = 4, S = 5, L = 7 or O = 0);
  • Take two words and splice them together with one or more numeric characters;
  • For the strongest password, use a ‘passphrase’ – a number of words as in the example above and include the spaces between them as part of the password.

Remember

A computer that is left logged on and unattended gives anyone access to the information that is accessible to the authorised user, and allows others to use that user's account for malicious purposes.

If a computer is left unattended, it should be shut down or locked through the use of a password access 'hot-key' or password-protected screen saver.