Selecting and Protecting Your Passwords

Selecting a Strong Password

1. When you choose a password you should make it personally memorable but difficult for others to guess:
   • Make sure that your password comprises at least 8 characters but do not use special characters as they may not be recognised by some systems;
   • Choose one that is easily remembered;
   • Never write your password down;
   • Immediately change your password if you think that it has been revealed to anyone else or compromised;
   • Never use your user name in any form as your password;
   • Never use your surname or given name in any form;
   • Don't use any information about you that is easily obtainable, such as your car registration number, your birthday, your child or pets name, your favourite holiday destination or your favourite sports team or hobby;
   • Don't use word or number patterns like aaabbb, qwerty, zyxwvuts, 123321, etc.;
   • Avoid the use of an ordinary word preceded or followed by a digit (e.g., secret1, 1secret);
   • Don't change your password by simply adding a number every time you have to change it;
   • Don't reuse or recycle your password;
   • Never lend your password to friends or share it with anyone, including administrative assistants or secretaries;
   • Never use the same password for both your university and private computer accounts, such as on-line banking, Facebook etc.;
   • Don't use the 'Remember Password' feature of applications.
   If someone demands a password, refer them to this Policy or have them call the Information Security Co-ordinator.
2. In addition, make sure that your password is:
   • Private - it is used and known by you only - you wouldn't like it if your identity was stolen, so why give it away?
   • Not shared, even with your secretary - if you have a secretary who has a need to access your data, this can be facilitated through file permissions for both Exchange and File Store;
   • Secret - it does not appear in clear text in any file or program in any medium.
3. Use one of the following methods to create a memorable but strong password:
   • Use the first letter of each word in a memorable phrase, saying, nursery rhyme or song title. For example, the phrase might be: "this may be one way to remember" and the password could be: "tmb1w2r". (Please do not use this example).
   • Substitute one or more letters with a numeric character (e.g. I = 1, A = 4, S = 5, L = 7 or O = 0);
   • Take two words and splice them together with one or more numeric characters, or;
   • Take an ordinary word or phrase and change, delete or add alpha-numeric characters so that it becomes nonsensical.

Protecting Your Passwords

In order to ensure that both University data and your information are protected, system users are held responsible for safeguarding passwords and access identities. Passwords and identities must not be shared. System users are responsible for all use of information systems and technology and for any information stored or communicated using their identity or password.

All individuals' usernames issued at the University are unique and are not re-used. Although usernames are not secret, they should be treated as personal. Details should not be divulged to others.

Passwords on the other hand are secret and you are responsible for protecting your own. If you are the only one who knows your password your information is secure and the systems that you access are safe.

Remember that a computer that is left unattended and logged in gives anyone access to information accessible to the authorised user. If a computer is left unattended, it should be shut down or locked through the use of a password access 'hot-key' or password-protected screen saver.