Why do you need to know about this?
The passwords that give you access to your University account or University systems must be kept secure in order to protect University information, and to protect your account from misuse by others. This standard explains how the University expects you to treat your password, and the minimum standards that apply when setting a password.
What do you need to do?
- Keep passwords confidential.
- Ensure your password is at least 10 characters long, has a mix of random letters, numbers and special characters and is not easy to guess.
- Ensure that if your device does not support passwords, it is protected by a PIN code of at least 6 digits (where possible) that cannot be easily guessed.
- Ensure that any device used to process or store University information (e.g. your email) is protected with a password or PIN code that complies with the requirements for length and complexity, even if this is your personal property.
- Change shared account passwords promptly if someone leaves or changes role.
- If you need to store a copy of your password, make sure it is kept secure, e.g. in a locked safe for a physical copy, or an approved electronic password safe for an electronic copy.
- Share your password with anyone else.
- Use the same password for multiple accounts / systems.