Never Reveal your Password
IT Services staff will never request your password via phone or email. If anyone does request your password, you should seek advice from the IT Service Desk.
Use a Strong Password
The guidance below is the latest best practice for creating a strong password for your University account:
- Maintain a password that adheres to an 8-character minimum length requirement.
- Password strength is generally qualified in terms of the probability of a computer cracking it within a reasonable amount of time.
- While a longer password maybe stronger, password length should be balanced against whether it is memorable. When users forget their password, they will often choose a weaker password as a result.
- Character-composition requirements are no longer mandatory, e.g. use of upper/lower case, numbers, special characters, etc.
- Passwords (or passphrases) should be a combination of random common words and/or names that are meaningful to the end user.
- Do not use a single word (e.g. “princess”) or a commonly-used phrase (e.g. “Iloveyou”).
- Do not use a password that is the same or similar to one you use for another personal account, e.g. social media. If those accounts were hacked and password stolen, it would compromise your University account.
- Make your password hard to guess even by those who know a lot about you, e.g. avoid the names and birthdays of your friends and family, your favourite bands, phrases you like to use, etc.
- Change your passwords if you believe that your account has been compromised.
Note: You may be forced to change your password forthwith if IT Services suspects that your account has been compromised.
Turn on Two-Step Verification (or Multi-Factor Authentication)
- Where it is available, registration for two-step verification (or multi-factor authentication) is encouraged by providing additional security information about yourself.
- If you turn on two-step verification and then try to sign in via an unrecognized device, you will be asked for extra authentication in addition to your password.
- A new security code can be sent to your mobile phone as a text message or through a linked authenticator app installed on your smartphone.
- Two-step verification boosts account security by making it more difficult for hackers - even if they know or guess your password. It also improves the user experience through the ability to self-serve and remove the need to contact the IT Service Desk for password-related queries.
- Ensure you maintain your current security information, e.g. alternate email address or phone number) as this helps to verify your identity if you forget your password or if someone else tries to take over your account.