• Guides and help
• Tools, software and services
• Service status
• IT security
  • Spam and phishing email
  • Virus and malware help
  • Keeping your computer up to date
  • File security
  • Protecting confidential data
  • P2P applications
  • Secure PC disposal
  • Passwords
    • How to change your password
    • Choose a strong password
    • Password policy
    • Password managers
  • Two-factor authentication
  • Usage advice for cloud services
  • Monitoring internet usage
  • Remote security
  • Screen lock
  • Network settings & firewalls
  • Using University IT facilities overseas
  • Vulnerability disclosure policy
  • Contact CERT
  • MetaCompliance
• IT training
• About us
• Contact us

Choose a strong password

Password managers

It can be a challenge to keep track of the different passwords required to access websites, services and systems.

We recommend using a password manager to store your passwords securely.

For more information see:

• Password managers

Tips for choosing a password

Choosing a strong password can seem tricky - a weak password will be easy for people or automated attack tools to work out, while a strong one may seem hard to remember.

One way of creating a strong but memorable password is to take a phrase known only to you, use the first letter of each word, plus add at least one number and one upper case letter.

For example, the phrase "I have a black cat and he's five years old" would create the password Ihabcah5yo.

Remember the phrase and you'll be able to remember your password.

Guidelines for choosing your IT Services password

The following guidelines apply for your IT Services password:

It must:

• be 9 to 72 characters
• contain a mix of upper and lower case letters and at least one number or punctuation symbol
• contain at least one letter

It must not:

• contain your username
• be your current password or a password you have used in the past
• be your initial password
• be based on a dictionary word
• be obvious or based on easily discoverable information (such as the name of your favourite team)
• be used on any of your other accounts
• be similar to passwords you have used elsewhere or previously (eg password1, password2, password3 etc)

If your password is more than 20 characters long, we relax the restrictions about requiring mixed case, special characters, and not containing dictionary words. This allows you to create complex but easy to remember passwords from four or more uncommon but memorable words.

Avoid using common letter/number substitutions (eg swapping '3' for 'E' or '1' for 'L' or 'l').

Tools that are used to crack passwords check these variations automatically so they do not make the password stronger.

The University's systems will reject passwords that are based on a dictionary word with just these changes.

Note: For security reasons, our password management system prevents the reuse of passwords.