How do I create an acceptable password?

To create an acceptable password, make sure it:

  • has a minimum of 14 characters
  • contains characters from at least three of the four groups below:
    • upper case letters, e.g. A, B, C...
    • lower case letters, e.g. a, b, c...
    • numbers, e.g. 0, 1, 2, 3...
    • special characters, e.g. !@#$%^*()_+-=[]{}? (Do not use ' " & \ < >)
  • does not contain any part of your name, i.e. your first name, middle name or surname
  • does not contain your staff or student number
  • is not a password you have already used recently

Note that passwords are case sensitive.
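
The composition rules above, written as a checker (an added example, not the University's own code). It assumes that any non-alphanumeric character outside the disallowed set counts as special and that name parts shorter than three characters are ignored; the "used recently" rule is not covered because it needs the account system's history.

```python
MIN_LENGTH = 14
FORBIDDEN = set("'\"&\\<>")   # characters the page says not to use
MIN_NAME_PART = 3             # assumption: skip very short name parts

def check_password(password, names=(), id_number=""):
    """Return a list of rule violations; an empty list means acceptable."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 14 characters")
    bad = sorted(set(password) & FORBIDDEN)
    if bad:
        problems.append("contains forbidden characters: " + " ".join(bad))
    # Count how many of the four character groups are present.
    groups = [
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c.isdigit() for c in password),
        # assumption: anything non-alphanumeric and not forbidden is "special"
        any(not c.isalnum() and c not in FORBIDDEN for c in password),
    ]
    if sum(groups) < 3:
        problems.append("uses fewer than three character groups")
    # Name check is case-insensitive: "mORGAN" still contains "Morgan".
    lowered = password.casefold()
    for part in names:
        part = part.strip().casefold()
        if len(part) >= MIN_NAME_PART and part in lowered:
            problems.append("contains part of your name")
            break
    if id_number and id_number in password:
        problems.append("contains your staff or student number")
    return problems

if __name__ == "__main__":
    # Constructed sample inputs; the person and number are made up.
    person = ("Alex", "Morgan")
    for candidate in ("Quiet-Harbor-Lantern-7", "Morgan2024",
                      "alllowercaseletters", "Tide&Anchor-Maple-9"):
        print(candidate, "->", check_password(candidate, person, "1234567") or "OK")
```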


Passphrases are stronger and are recommended because they are easier to remember while being harder to crack. To make a strong passphrase:

  • Pick four random, unrelated words
  • Avoid personal references (e.g. no pet names, birthdays or favourite characters)
  • Use separators like hyphens (-) or other allowed special characters (e.g. $), including a space
  • Capitalise one word or each of them
  • Replace a letter with a number, e.g. "Banana-Coast-Symphony-Ton1ght" or "Fuzzy alien monkey scribbl3" (do not use these actual examples)

How do I protect my password?

Once you have a solid password or phrase, to keep it secure:

  • Do not re-use the same password for University accounts and non-University accounts (e.g. personal email or bank accounts)
  • Do not reveal your password to anyone, including supervisors or coworkers, even while on holiday. This includes via phone, text, email and web forms. IT Service Desk representatives will never ask for your password.
  • Do not talk or hint about your password in front of others (e.g. "my pet's name")
  • Do not write passwords down or store them anywhere in your office
  • Do not store passwords in any file on any computer system, except for authorised specialised storage solutions as described in the Cyber Security Policy
  • Credentials should be created and managed only by yourself via the password reset portal
  • If you suspect or find that one of your accounts or passwords has been compromised then you must report this to the IT Service Desk immediately

For shared or public devices, extra care is required. You must:

  • Not store your username or passwords in shared internet browsers
  • Log out of any websites or online systems that required your password
  • Ensure any credentials or other sensitive form data are cleared from the cache

Note that University-owned devices will not synchronise if disconnected from the University network, so it is recommended that passwords are changed prior to any extended period of absence (e.g. travel).

This advice has been developed from guidelines on the ACSC website and NIST SP 800-63.



Additional self-service information can be found at MyIT Portal.