Use passwords and keep them safe
When you choose passwords you should make them personally memorable, difficult for others to guess, and different to any passwords you use for systems outside the University.
Protect your Password
Immediately change your password if you think that it has been revealed to anyone else or compromised.
- You are responsible for safeguarding your username and password, never share these with anyone
- You are accountable for all activity associated with your account, including information accessed, stored or communicated
- Anyone can access your data if you leave your computer or device logged in and unattended. Always lock or log out of your device if you have to step away
- Never use the same password for your university account as you use with a personal account, such as online banking, social media etc
- Don't use the 'Remember Password' feature of websites or applications
- Never write your password down
- Scammers may try to trick you into revealing your username & password via phishing emails or phone calls
Strong Passwords
Your password needs to be at least 8 characters long, and include upper and lowercase characters and numbers. Bear in mind that not all systems accept the same special symbols (!£$% etc).
Choose a password that is easily remembered but difficult to guess. Suggestions include:
- Using two unrelated words joined together with numbers replacing some letters
Common substitutions I = 1, A = 4, S = 5, L = 7, O = 0
Examples: EggFenc3, PopGRA55, SOF4train - Using first letter of each word in a memorable phrase, song title, or lyric
Example: "This may be one way to remember" becomes the password Tmb1w2r - Skip certain letters in a phrase or word combination
Examples: JllyRtten4U, DdYouMssM3, RULonsom2n8
Bad Passwords
Scammers may try to guess your password:
- Using information about you that is in the public domain or obtained via social engineering
- From hacking other sites
- By working down a list of common passwords
- Using a brute force attack which uses words from the dictionary, and common letter substitutions
This is why you should never base your password on:
- Your username
- Your first or last name, or nickname
- Your car registration, birthdays, significant dates, names of family or pets, favourite destinations, sports or hobbies
- A number or keyboard patterns like aaabbb, qwerty, zyxwvuts, 1234567, 123321, etc
- Words like "password", "secret", the current month or any variation on these
- An ordinary word preceded or followed by a digit (e.g., 2Rabbits, 1Direction, Whatever4)
- A previous password with an incrementing number (e.g. SamePassword2, SamePassword3)