What makes a good password?

The Edinburgh Napier Password Policy requires that passwords meet the following criteria:

  • Must be at least 15 characters in length
  • Must not contain your name or Edinburgh Napier number
  • Must not contain obvious words such as “napier” or “password”
  • Must not contain any line of consecutive numbers (e.g. 123) anywhere within your password 
  • Must not be the same as any previous password used. 


When setting your password the Self-Service Password Reset (SSPR) service will ensure it meets the University's password criteria, but here’s some additional guidance to help you make it even more secure:

  • Choose 3 random words.  Numbers, symbols and combinations of upper and lower case can be used if you feel you need to create a stronger password, or the account you are creating a password for requires more than just letters.
  • Avoid choosing an obvious password, such as a combination of the season and the year, or anything which includes information about you that’s easily discoverable – memorable names, dates, locations, etc. Ideally your password should be indistinguishable from anybody else’s – there shouldn’t be anything in it that obviously links it to you.
  • Certain words and sequences make for very poor passwords – things like ‘password’ and its variants, ‘letmein’, ‘football’, ‘12345678’ or any other predictable pattern of keys on your keyboard. When you set your password, the SSPR service will check what you entered against a list of weak passwords and will prevent you from proceeding if there’s a match.
  • Ensure that you use a unique password for your University account, different to any other passwords you may have for home or work purposes. This helps to limit the extent of any damage if one of your other accounts is breached.
  • Protecting your University account password is essential, as it grants access to several important systems including your HR information and student records. You should memorise your University password and never write it down or reveal it to anyone else.
  • If you need to use several different accounts for work, consider using a password manager application (sometimes called a password vault) to generate, store and autofill unique passwords for each account. Information Services does not currently provide a password manager application as part of our standard desktop service, so if you decide to use one we would strongly suggest that you stick to the market leading products – 1Password, Dashlane or LastPass.
Find out more about Staying Safe Online