Password tips and advice
Your username and password give you access to your University IT account (sometimes also referred to as you University Microsoft 365 account).
It is important that:
- Your password is secret and safe - don't tell anyone and don't write it down anywhere
- Your password is strong - don't let it be easily guessed
- Your password is solely for university systems - don't share it with other accounts
Keeping your password secret
If you have accidentally told someone your password or think someone may have it, you must change your password immediately. Find out how to change your password.
Keeping your password strong
Strong passwords are good passwords because they are difficult to guess. The password changer insists on strong passwords to help protect you, it ensures they are long and sufficiently complex. Your password must be:
- At least ten characters long
- Have both uppercase and lowercase letters
- Have digits or punctuation as well as letters
Your password must not solely be made up of:
- Anybody's name
- Any information relating to you or anybody else (birthday, NI number, car registration, star sign, etc.)
- A single word found in a dictionary in any language
- Any of these spelt backwards
- Any of these followed or prepended by a single digit
- Only these characters: £ | # " ' `
How to choose a strong password
There are many strategies to pick a password, like using a short sentence:
| What to do | Example |
|---|---|
| Start with a short sentence | I want a strong password |
| Remove the spaces between the words | Iwantastrongpassword |
| Add odd capitals and misspell or use shorthand | IwntAstrONGpasswd |
| Add numbers that are meaningful but not your birthday | IwntAstrONGpasswd28 |
Or you can start with a longer sentence or phrase:
| What to do | Example |
|---|---|
| Start with a long sentence | All I want this new year is a really strong password |
| Keep only the first letter of each word, and use a mix of upper and lowercase letters | AIwtNYiarsp |
| Add special characters or numbers | AIwtNYiarsp25? |
Bite-sized online courses available
Members of staff can learn more about passwords and how to protect yourself from cyber crime in both your personal and work lives via our bite-sized cyber security training.
Password Managers
Using a Password Manager can help you to create and manage your passwords – staff can review the Password Manager bite-sized course to find out more.
If you wish to use a Password Manager for your University-related log ins or shared access needs, your options are to:
- Purchase a licence via DDaT for the University’s approved and centrally-managed Password Manager.
- Source your own Password Manger from a reputable provider.
University approved and managed service - 1Password
1Password offers features such as one-time sharing, secure storage, and Single-Sign On (SSO).
DDaT manages licences and offers support for 1Password, including the ability to manage access if someone leaves or moves roles.
To purchase a licence, please submit an IT request via TOPdesk, and we will confirm current costs (approx. £80/year per user) and next steps.
Using an alternative Password Manager
There are many free Password Managers available, but you’ll need to make sure that you choose one from a reputable provider, and that it's reviewed for security risks before downloading.
Currently, DDaT’s recommended and security-reviewed free Password Manager is the KeePass open source Password Manager.
Please be aware that if you use an alternative password manager for your University account and logins, DDaT cannot offer any support or recover access.
It is your responsibility to make sure that access, especially for shared vaults, is reviewed and managed regularly. This includes removing access when users move roles or leave the University.
We’d therefore recommend your Password Manager/vault is stored within a University storage location (such as your University OneDrive, or your departmental storage area if it’s a shared vault). This is because your access to these storage locations stops when you leave the University.