Monday, 11 August 2014

Passwords: Now Stronger, Longer (and More Absorbent?)

It is now possible to create University passwords up to 30 characters in length and for the first time they can include mixed case letters as well as numbers and a few special characters. In addition the minimum length of new passwords has increased from 6 to 8 characters.

This means you can now have passwords like:

  • IHaveASmellyDogCalledEric
  • GetTeenageKicksRightThroughTheNight-ALRIGHT
  • Pa55w0rd

The final one illustrates that although we have made it easy for you to choose a very secure password it is still perfectly possible to choose a poor password. Ultimately, the security of your data depends on the strength of password you choose and the diligence with which you protect it.

You can continue using your current password if you like, but we strongly advise you to choose a stronger password. To do this go to the Computer User Account Management link in the My services menu in MUSE. You will be able to choose a stronger password and it must have at least 8 characters.

However, even the strongest password is useless unless you protect it as follows:

  • Never write your password down
  • Never share your password with a colleague or friend
  • Never write your password in an email
  • Never use your University password on an external site such as Amazon, Ebay, Facebook or your bank
  • Never log into a website by clicking a link in an email or other electronic message

Even when University passwords were limited to 8 characters they were perfectly safe unless someone chose an obvious dictionary word. The most common cause of security breaches was when someone deliberately or inadvertently shared their password.

However, there was a perception by some people that our short passwords were fundamentally insecure. We hope that by re-engineering our systems to allow longer passwords we have allayed these fears. At the very least we have made it very easy to create very secure passwords. The rest is up to you.