Password rules are changing

As part of our ongoing commitment to achieving Cyber Essentials Accreditation, we are strengthening our university network password rules.

Our current security settings require a minimum of six characters and staff/PGRs must change their password once a year. It is not possible to use your previous two passwords when changing.

In future, your password is going to have to be longer but staff/PGRs will only have to change it once, as we will no longer force a password change every year. The rules are due to change on Wed 3rd July and you will then have a year to comply. After 3 July 2020, you will never be prompted to change your password unless you have compromised your account.

All new staff and students going through the account discovery process will need to set a more secure password from Wed 3rd July 2019.

New Password rules:

  • The password length will increase from a minimum of 6 characters to a minimum of 12 characters. Each password will have to have at least one of the following: upper case letter, lower case letter and number.
  • Annual password change (staff and PGRs) will no longer be required (after 3 July 2020)
  • Passwords will be changed by each user on the existing anniversary of your last password change over the course of the year.
  • All users will need to provide a personal recovery email address – This will be the new mechanism for password recovery (We will only use this address to send password recovery emails) – Staff – If you have not provided a personal email address you can do this by logging on to the portal and then clicking on ‘Set personal email address’ in the ‘My staff life’ section. Postgraduate Research students – If you have not provided a personal email address you can do this by logging on to the portal and then clicking on ‘Set secondary email address (for account recovery)’ in the ‘I want to’ section. *From Wed 3rd July 2019, your recovery email address will be visible at the top left of your portal view under your name along with a link to change/set a recovery email address.

Your responsibilities as a University network user:

  • Set a strong password – see advice below
  • Keep your password secret.
  • Use your University password only for your University account.
  • Inform Information Services if you think that your password may have been compromised.
  • Change your password if required to do so by Information Services.
  • If required to change your password, do not reuse any previously used passwords.

Advice on how to set a long password that you’ll remember
See our advice page

Leave a Reply

Your email address will not be published. Required fields are marked *