Weak passwords can be cracked in seconds. We require longer and more complex passwords to make them harder for cyber criminals to crack. Here we share the reasons for our password requirements and other ways you can keep your passwords safe. They are based on the latest advice from the National Cyber Security Centre (NCSC) to help you create a secure password.
Never share your password
You must never share your university username and password with anyone, and you must not use your university password on other websites or apps.
If you suspect that someone knows your password, or you have previously used it on other sites, please change it immediately. You can see how to do this below.
Sites which host stolen intellectual property ask for your username and password for a reason; so they can use it or resell it to a cyber-criminal. This puts our systems at risk.
Remember, never share any of your passwords with others.
Combine three random words to create a password that’s ‘long enough and strong enough’
A good way to make your password difficult to crack is by combining three random words to create a single password. For example AppleNemoBiro. By using a password that’s made up of three random words, you’re creating a password that will be ‘long enough’ and ‘strong enough’ to keep the criminals out, but easy enough for you to remember. Please include at least one number or special character.
Use a strong password generator
Another useful way to create a strong password is to use a password generator. 1Password's Password Generator allows you to generate a random or memorable password, and specify its length plus the inclusion of numeric and/or special characters (please check for the inclusion of restricted characters as explained below).
Don't use your personal information
Do not use your username, first name, last name, or any other personal information in your password. This information may be easy for cyber criminals to find, making it easier for them to crack your password.
History: Don't reuse your passwords
Never reuse your university password. Create a different password for each site that you have an account on.
Complexity: Avoid using easy-to-guess passwords
The most common passwords can be easily guessed (like ‘password’). You should also avoid creating passwords from significant dates like your birthday, or a loved one’s. Also avoid using family or pet names, or even your favourite sports team. Most of these details can be found on your social media profile.
For university accounts, avoid using words related to our organisation. Hackers design their attacks for each organisation, so avoid using words like “university”, “Greenwich” or “Faculty” in your university password.
Restricted Characters: ¬ l £ or # or a space
Do not use these symbols ¬ l £ or # or a space in your password. Some of our systems use computer code which contains these symbols. So using these symbols in your password can cause issues.
Use a password manager to safely store your passwords
A password manager can store all your passwords securely, so you don’t have to worry about remembering them. This allows you to use unique, strong passwords for all your important accounts rather than using the same password for all of them, which you should never do. Find out more about password managers and how to use them here.
Check your password hasn’t been hacked
NCSC have released a file containing the top 100,000 hacked passwords. If you see a password that you use in this list, you should change it immediately.
Password re-use is still a major risk for you and our university. The password '123456' has been found 23 million times in recorded breaches. You might think that choosing a more complex password such as 'oreocookie' is better, but even that has been seen over 3,000 times. By following the guidance above or checking your accounts on Have I Been Pwned you are helping to keep your data and our systems safe.