Staying safe online
Staying safe in the online world is increasingly difficult as threats become more sophisticated.
As an Edinburgh Napier student it is your responsibility to keep your account secure - when you joined the University you signed up to the Information Security Policies.
Your first line of defence is a secure password, you should also be wary of suspicious emails.
Here you’ll find lots of tips and guidance on how to stay safe online.
If you have any concerns about information security, no matter how small, you should contact the IS Service Desk.Read the Information Security Policies Find out how to contact the IS Service Desk
You use your University password to log in to the University network and online services.
When you started at the University you will have set your password and registered for the Self-Service Password Reset (SSPR) service.
Once registered you can:
- Reset a forgotten password at any time on or off campus.
- Change your password at any time.
Your University password must be at least 15 characters.Go to the Self-Service Password Reset page
Your Password Frequently Asked Questions
How do I register for the Self-Service Password Reset service?
To register for the University’s new Self-Service Password Reset Service:
- Go to: https://mypassword.napier.ac.uk and click on Register for Self-Service Password Reset service or go directly to: https://mysignins.microsoft.com/security-info
- If prompted, log in to your University Office 365 account using your Edinburgh Napier email address and password.
- Click Register a sign-in method and Add Method.
- Choose an option from the drop down menu and follow the on screen instructions to register your sign-in method.
- Further information can be found on the Microsoft website.
How do I change my University password?
You can change your password on or off campus at any time.
When you change your network password your email password will also be changed.
If you have registered for the new Self-Service Password Reset service (SSPR) you can change your password by:
- Visiting https://mypassword.napier.ac.uk/
- Clicking on the Change my Password button
- If prompted log in using your full Edinburgh Napier email address (staff email@example.com | students 4XXXXXX@live.napier.ac.uk), and existing password
- From the Microsoft website choose the Change my Password option
- Follow the on screen instructions to enter your existing password and enter a new password - remember your password must meet the Edinburgh Napier Password format (see separate FAQ).
How do I reset a forgotten password?
You can reset your password on or off campus at any time.
If you have registered for the new Self-Service Password Reset service (SSPR) you can reset your password by:
- Visiting https://mypassword.napier.ac.uk/
- Clicking on the Reset my Password button
- From the Microsoft website, in the User ID section enter your full Edinburgh Napier email address (staff firstname.lastname@example.org | students 4XXXXXX@live.napier.ac.uk)
- Follow the on screen instructions to reset your password - remember your new password must meet the Edinburgh Napier Password format (see separate FAQ).
What format does my University password need to be in?
The University's Password Policy requires your password to be in the following format:
- Must contain at least 15 characters
- Can contain lowercase letters, uppercase letters, numbers and symbols (including spaces)
- Must not be the same as any of the previous passwords used for your University account, or any other account belonging to you
- Must not contain your name or Edinburgh Napier number
- Must not contain words such as “napier” or “password”
Passphrases (sequences of words) and PINs (sequences of numbers) can also be used.
You will be prompted to change your password every 365 days, however it must be changed if it’s suspected of being, or known to be compromised.
What makes a good password?
When setting your password the Self-Service Password Reset (SSPR) service will ensure it meets the University's password criteria, but here’s some additional guidance to help you make it even more secure:
- Choose 3 random words. Numbers, symbols and combinations of upper and lower case can be used if you feel you need to create a stronger password, or the account you are creating a password for requires more than just letters.
- Avoid choosing an obvious password, such as a combination of the season and the year, or anything which includes information about you that’s easily discoverable – memorable names, dates, locations, etc. Ideally your password should be indistinguishable from anybody else’s – there shouldn’t be anything in it that obviously links it to you.
- Certain words and sequences make for very poor passwords – things like ‘password’ and its variants, ‘letmein’, ‘football’, ‘12345678’ or any other predictable pattern of keys on your keyboard. When you set your password, the SSPR service will check what you entered against a list of weak passwords and will prevent you from proceeding if there’s a match.
- Ensure that you use a unique password for your University account, different to any other passwords you may have. This helps to limit the extent of any damage if one of your other accounts is breached.
- If you need to use several different accounts, consider using a password manager application (sometimes called a password vault) to generate, store and autofill unique passwords for each account. If you decide to use one we would strongly suggest that you stick to the market leading products – 1Password, Dashlane or LastPass.
Think before you click - be aware of suspicious emails
Email is one of the most common routes for virus infection, malware, spam and other forms of malicious attacks.
Due to the increased risk of fraudulent emails you should avoid clicking on links or opening attachments from unknown senders.
You should also be cautious when opening emails from a known sender such as a Lecturer, in some cases scam emails appear to come from someone you know.
It’s important that you report all suspected or known cyber incidents, regardless of how minor you think they may be. The sooner we know about a potential incident, the quicker we can begin to do something about it.
To protect your work and email:
- Keep your password secret – don’t give it to anyone else.
- If you think someone else knows your password then change it immediately!
- Use a Password Manager.
- Always remember to log out at the end of a session.
- Lock your screen if you’re leaving a logged in PC unattended, even for a minute: Press the Windows Key and "L" at the same time and press Ctrl+Alt+Delete and re-enter your password to get back to your desktop session.
- Report any concerns about your University password security to the IS Service Desk.
More tips for staying safe online
Download the free McAfee Anti-Virus software
You can download the software by logging in to the Software Download Service.
Once logged in you’ll also find links to installation guides.
Read the Information Security Policies
These give guidance on protecting yourself and your data, you will have signed up for it when you started at the University.
As an Edinburgh Napier student you must adhere to the Information Security Policies.
Be careful what you publish on social media
The more information you post, the easier it is for a malicious user to steal your identity or take advantage of you.
Be wary of what information you publish on social media.
Use an approved University storage area
Save your data to an approved University storage area such as your personal data area (H: drive) or OneDrive.
These are protected by your University password.
Read the Fraud Facts for Freshers
The Student Loans Company (SLC) is encouraging students to be on their guard for phishing scams relating to loan payments.
Read the Student Loans Company’s Fraud Facts for Freshers which gives lots of good tips and guidance.
Keep up to date with information security news
You'll find current security news on the Get Safe Online website.