Thursday, 18 February 2021

Changes to password policy

As part of ongoing improvements to information security, the University's Password Policy has changed – passwords need to be longer, however they'll require less complexity. They'll also need to be changed every 365 days.

Over the coming weeks, if you have not changed your password within the last 365 days you will receive an email from IS advising you to change your password and update the password on all your devices.

We strongly recommend you change your password now (or at a time that is convenient for you) to avoid being forced to change your password at a time when you might require access to online services.

You should also give yourself time to update the password on all of your devices - your account can become locked if even one device still has the old password saved on it.

What do I need to do?

Change your password to meet the requirements of the new Password Policy.

The main changes are:

  • The minimum password length has changed to 15 characters.
  • There will no longer be complexity requirements, i.e. you won't need to use a mixture of upper and lower case letters, digits and special characters.
  • Passwords will expire every 365 days, and must be changed whenever they are suspected of being, or known to be compromised.

Although the number of characters has increased, the removal of complexity means that you can use passphrases or random words to generate your password which will make it easier to remember – guidance on what makes a good password can be found on our Staying Safe Online page.

Further security enhancements coming soon

Multi-Factor Authentication (MFA), also known as second factor authentication will soon be activated on your University account.

If you use mobile banking you will probably be familiar with Second Factor Authentication – you may need to enter your login details and then use your device to generate a code to verify your identity and access your account.

Further information about MFA is coming soon, in the meantime you can prepare for MFA by logging in to the Self-Service Password Reset Service and ensuring you have registered a mobile device or have downloaded and are registered to use the Microsoft Authenticator app.

Where can I find further information?

Further information about your password can be found on our Staying Safe Online pages. If you have any questions or concerns please do not hesitate to contact the IS Service Desk in the first instance.