Choose a secure password

The University is changing its password policy. This affects what you can choose for your password. The new policy has been applied initially to staff, which means that different rules currently apply to IT accounts in the form and those in the form

Passwords you cannot use

  • Your username: Passwords must not contain your username, or more than two consecutive characters from your full name (if your name is "John Smith" then your password cannot contain "joh" or "ith"; however it could contain "jo" or "th").
  • Previous passwords: You cannot reuse a previous password – the system will compare your new password with passwords you have used before
  • Personal Information: Do not use personal information that someone else is likely to guess - for example family members' names or your phone number.
  • Easily identifiable passwords: Do not use passwords that are easy to identify when you type them in, such as sequences or repeated characters like 1234, 2222, abcd or adjacent keyboard letters like qwerty.
  • Incompatible non-alphabetic characters: Some non-alphabetic characters are not recognised by the password creating system and therefore cannot be used in your password (for example \, /, :, *, ?, ", <, >, |, £, $, €, È, Ü, ß).  These special characters are not set by IT Services but are reserved in programming language for specific functions.

If your IT account ends

Your Password:

  • must be a minimum of eight characters long
  • must contain characters from three of the following four categories:
    • UK English uppercase (A – Z)
    • UK English lowercase (a – z)
    • Numbers (0 – 9)
    • One or some of the non-alphabetic characters (for example !, #, %)

If your IT account ends

Your password:

  • must be a minimum of twelve characters long
  • may contain any combination of valid characters (there is no specific complexity requirement)
  • cannot be a password the system detects as weak e.g. passwordpasswordpassword

Setting a strong password

  • To help you set a strong password and remember it, we recommend that you use a combination of three random words to make up the required minimum 12 characters

Other systems

There are similar rules in place for passwords on other systems that we provide, although due to technical limitations they are not identical to the above.