Menu

Choose a secure password

Choosing a secure password prevents unauthorised access to your University IT account and provides essential protection for information stored on your account and University systems being compromised. The University’s password policy aligns with the recommendations of the Government’s National Cyber Security Centre (NCSC) to mitigate against these kinds of risks.

Your password

  • must be a minimum of twelve (12) characters long
  • may contain any combination of valid characters (there is no specific complexity requirement)
  • cannot be a password the system detects as weak e.g. passwordpasswordpassword

Tip - To help you set a strong password and remember it, we recommend that you use a combination of three memorable words to make up the required minimum 12 characters.

Passwords you cannot use

  • Your username: Passwords must not contain your username, or more than two consecutive characters from your full name (if your name is "John Smith" then your password cannot contain "joh" or "ith"; however it could contain "jo" or "th").
  • Previous passwords: You cannot reuse a previous password – the system will compare your new password with passwords you have used before
  • Personal Information: Do not use personal information that someone else is likely to guess - for example family members' names or your phone number.
  • Easily identifiable passwords: Do not use passwords that are easy to identify when you type them in, such as sequences or repeated characters like 1234, 2222, abcd or adjacent keyboard letters like qwerty.
  • Incompatible non-alphabetic characters: Some non-alphabetic characters are not recognised by the password creating system and therefore cannot be used in your password (for example \, /, :, *, ?, ", <, >, |, £, $, €, È, Ü, ß).  These special characters are not set by IT Services but are reserved in programming language for specific functions.

Other systems

There are similar rules in place for passwords on other systems that we provide, although due to technical limitations they are not identical to the above.