Strong Passwords

Protect Your Passwords

Life is full of passwords. We use them every day to shop online and to access email, social media and University systems. Passwords prove who you are and help stop identity theft, fraud and confidential information falling into the wrong hands.

Using strong passwords, or passphrases, is an essential part of protecting your online accounts. A strong password is one that is unique, long and hard to guess.

Remembering a different strong password for each online service can be difficult. That's why we recommend using a password manager to create and manage your passwords. All you have to do is remember the password to your password vault. Choose a password manager that supports 2-factor authentication for added security.


Top Tips for Strong Passwords

Do:

  • Use a unique, strong password for each of your online accounts. 
  • Use 3 random words to create a strong password
  • Use 2-factor authentication where it’s available, especially on your most important accounts, like email and online banking.
  • Use a password manager to help manage your passwords

Don't:

  • Use your University password on any other website
  • Use your email password on any other website
  • Share your password with anyone
  • Use variants of password, e.g. password1, p@ssw0rd, etc.
  • Use personal details such as the names of family members, pets or your favourite sports teams
  • Use single words from the dictionary, as these can be easily cracked

 

Use 3 Random Words to Create Strong Passwords

A simple way to create a strong password is to use 3 random dictionary words.

  • Avoid family members’ names, sports teams, or other words that could be guessed from your social media profiles
  • Use long passwords: the longer the password, the stronger it is
  • Go to How Secure is My Password to see how longer passwords are more secure (although don't actually enter a password you intend to use - never share your passwords with anyone!)
  • You can add capitalisation, symbols or numbers for added complexity
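
The sketch below is an added example, not part of the original page. It picks 3 random words with a cryptographically secure random source, estimates how much guessing work the result represents, and checks a candidate against the "Don't" rules above. The word list, function names and swap table are assumptions made for illustration.

```python
import math
import secrets

# Constructed sample list for illustration only. A real generator should draw
# from a list of several thousand words so that each word adds more guessing work.
SAMPLE_WORDS = [
    "anchor", "biscuit", "candle", "dolphin", "ember", "fiddle", "glacier",
    "harbour", "igloo", "jigsaw", "kettle", "lantern", "marble", "nectar",
    "orchid", "pebble", "quiver", "ribbon", "saddle", "thimble", "umbrella",
    "velvet", "walnut", "yonder", "zipper", "bramble", "cobweb", "drizzle",
    "fennel", "gravel", "hazel", "juniper",
]

# Common character swaps (assumed table), e.g. p@ssw0rd -> password.
SWAPS = str.maketrans("@4301!$5", "aaeoiiss")

def entropy_bits(wordlist_size, n_words):
    """Bits of entropy when each word is picked uniformly at random,
    assuming the attacker knows the word list and the method."""
    return n_words * math.log2(wordlist_size)

def three_random_words(wordlist, personal_terms=(), n_words=3, sep="-"):
    """Return (passphrase, entropy in bits), never using a personal term."""
    blocked = {t.lower() for t in personal_terms}
    pool = sorted({w.lower() for w in wordlist} - blocked)
    words = [secrets.choice(pool) for _ in range(n_words)]
    return sep.join(words), entropy_bits(len(pool), n_words)

def normalise(candidate):
    """Lower-case, drop digits/symbols at either end, undo character swaps."""
    return candidate.lower().strip("0123456789!?.*#").translate(SWAPS)

def weaknesses(candidate, wordlist, personal_terms=()):
    """List which of the page's "Don't" rules a candidate password breaks."""
    core = normalise(candidate)
    found = []
    if "password" in core:
        found.append("variant of 'password'")
    if core in {w.lower() for w in wordlist}:
        found.append("single dictionary word")
    if any(t and t.lower() in core for t in personal_terms):
        found.append("contains personal detail")
    return found
```

With this 32-word sample list one word is worth 5 bits and three words 15 bits, which is why the size of the word list matters as much as the number of words.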

 

Use a Strong, Unique Password for your Email Account

Never use the same combination of email address and password for your email account as you do for other services. Other websites may be compromised by a data breach, making it fast and easy for your email to be hacked too. 

Go to Have I Been Pwned? to find out if an online account has been compromised in a data breach. If it has, any other accounts that use the same password could be at risk.

Your email is particularly important because if it's hacked:

  • Cyber criminals can impersonate you to commit identity theft and fraud
  • Password reset requests are sent to your email account, leaving your most important accounts at risk
  • Any sensitive data you send or receive could be intercepted
  • Your email account is a treasure trove of information that could be exploited by hackers

Password Managers

We all have dozens, if not hundreds, of online accounts. With even the largest websites falling victim to data breaches, it is essential to have a unique, strong password for every website. Using a password manager is the only realistic way of doing this.

The more popular password managers:

  • Work across multiple devices
  • Store all your passwords in a single location
  • Create incredibly complex passwords that are practically uncrackable
  • Automatically log you into your favorite websites 

By using a password manager you only ever need to remember a single master password. With all your passwords stored in the same location, you should add 2-factor authentication for an added layer of security.

There are lots of password managers available, including many that are free or have free versions, such as LastPass.

Find out more about password managers

 

Two-Factor Authentication

Use two-factor authentication (2FA) on your most important online accounts, like email and banking. 2FA adds an extra layer of security by adding a second way to confirm your identity. This could be in the form of a code sent via a text message to a nominated phone or a code generated by a smartphone app.


 

Find Out More

You can change your password in Pegasus.

Go to the DS Password help page for more information.

To reset your password you'll need to have the following information to hand:

  • DS username
  • Date of birth
  • Personal email address


If you think your DS password may be known by a 3rd party you should:

  • Disconnect your device from the University network (both wired and wireless)
  • Change your password via a device you don’t regularly use (e.g. a colleague's PC)
  • Report it to the Helpdesk

Many of the biggest online services will allow you to set up 2FA. Click on the links below for more information: