
Inclusive by Design: Password reset changes


Our passwords now need to be changed once every 18 months, making it easier for all of us to set strong passwords and remember them. Here we share more about this change and good password practice for your university and personal accounts.

Our password expiry setting has been increased to 18 months, so a student on a standard 3-year undergraduate degree course will only need to reset their password once during their studies. This makes it easier for all of us to set more complex passwords, and particularly benefits those of us with disabilities who can find changes related to password resets challenging.

Weak passwords can be cracked in seconds. By changing our passwords less frequently, we can make them longer and more complex to make them harder for cyber criminals to crack. Here we share the latest advice from the National Cyber Security Centre (NCSC) to help you create a secure password.

Combine three random words to create a password that’s ‘long enough and strong enough’

A good way to make your password difficult to crack is by combining three random words to create a single password (for example applenemobiro). By using a password that’s made up of three random words, you’re creating a password that will be ‘long enough’ and ‘strong enough’ to keep the criminals out, but easy enough for you to remember.

Use a password manager to safely store your passwords

A password manager can store all your passwords securely, so you don’t have to worry about remembering them. This allows you to use unique, strong passwords for all your important accounts rather than using the same password for all of them, which you should never do. Find out more about password managers and how to use them here.

Avoid using easy-to-guess passwords

The most common passwords can be easily guessed (like ‘password’). You should also avoid creating passwords from significant dates (like your birthday, or a loved one’s), or by using family or pet names, or even your favourite sports team. Most of these details can be found on your social media profile.

For university accounts, avoid using words related to our organisation. Hackers design their attacks for each organisation, so avoid using words like “university”, “Greenwich” or “Faculty” in your university password.

Check your password hasn’t been hacked

NCSC have released a file containing the top 100,000 hacked passwords. If you see a password that you use in this list, you should change it immediately.

Password re-use is still a major risk for you and our university. The password '123456' has been found 23 million times in recorded breaches. You might think that choosing a more complex password such as 'oreocookie' is better, but even that has been seen over 3,000 times. By following the guidance above or checking your accounts on Have I Been Pwned, you are helping to keep your data and our systems safe.
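The checks described above can also be automated. The following Python is an added example, not part of the university's or NCSC's material: it builds a three-random-words password and screens a candidate against a breached-password list and the organisation words named earlier. The function names, the short word list and the three-entry breached set are constructed for illustration, and the one-password-per-line file layout is an assumption.

```python
import secrets

# Constructed stand-in for the NCSC top-100,000 file: only the three
# passwords the article itself quotes.
SAMPLE_BREACHED = {"password", "123456", "oreocookie"}

# Organisation-related words the article says to keep out of university passwords.
ORG_WORDS = ("university", "greenwich", "faculty")

# Constructed demo word list; a real generator should draw from thousands of words.
SAMPLE_WORDS = ["apple", "nemo", "biro", "candle", "harbour", "velvet",
                "tundra", "pickle", "lantern", "gravel", "otter", "marble"]


def load_breached(path):
    """Read a one-password-per-line file (assumed layout) into a lowercase set."""
    with open(path, encoding="utf-8", errors="replace") as handle:
        return {line.strip().lower() for line in handle if line.strip()}


def three_random_words(words=SAMPLE_WORDS, count=3):
    """Join `count` distinct words picked with the OS random source, not `random`."""
    pool = list(words)
    if len(pool) < count:
        raise ValueError("word list is smaller than the number of words requested")
    picked = [pool.pop(secrets.randbelow(len(pool))) for _ in range(count)]
    return "".join(picked)


def screen_password(candidate, breached=SAMPLE_BREACHED, org_words=ORG_WORDS):
    """Return the reasons to reject `candidate`; an empty list means it passed."""
    lowered = candidate.lower()  # compare case-insensitively
    reasons = []
    if lowered in breached:
        reasons.append("found in breached-password list")
    for word in org_words:
        if word in lowered:
            reasons.append("contains organisation word: " + word)
    return reasons


if __name__ == "__main__":
    for pw in ("oreocookie", "Greenwich2024", three_random_words()):
        print(pw, "->", screen_password(pw) or "passed both checks")
```

To screen against a full downloaded list, pass the set returned by load_breached as the breached argument of screen_password.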
