Strong passwords

Life is full of passwords. We use them every day to shop online and to access email, social media and University systems. Passwords prove who you are and help stop identity theft, fraud and confidential information falling into the wrong hands.

Using strong passwords, or passphrases, is an essential part of protecting your online accounts. A strong password is one that is unique, long and hard to guess.

Remembering a different strong password for each online service can be difficult. That's why we recommend using a password manager to create and manage your passwords. All you have to do is remember the password to your password vault. Choose a password manager that supports Multi-Factor Authentication (MFA) for added security.

Top tips for strong passwords

Do use:

  • a unique, strong password for each of your online accounts
  • three random words to create a strong password
  • Multi-Factor Authentication (MFA) where it’s available, especially on your most important accounts, like email and online banking
  • a password manager to help manage your passwords

Do not:

  • use your University password on any other website
  • use your email password on any other website
  • share your password with anyone
  • use variants of the word password, for example password1, p@ssw0rd, etc
  • use personal details such as the names of family members, pets or your favourite sports teams
  • use single words from the dictionary, as these can be easily cracked

Watch Hunt the Password from Get Safe Online on Vimeo.

Use three random words to create strong passwords

A simple way to create a strong password is to use three random dictionary words:

  • avoid family members’ names, sports teams, or other words that could be guessed from your social media profiles
  • use long passwords, as length makes a password stronger
  • go to How Secure is My Password to see how longer passwords are more secure (do not enter a password you actually intend to use, and never share your passwords with anyone)
  • you can add capitalisation, symbols or numbers for added complexity

Use a strong, unique password for your email account

Never use the same combination of email address and password for your email account as you do for other services. Other websites may be compromised by a data breach, making it fast and easy for your email to be hacked too. 

Go to Have I Been Pwned? to find out if an online account has been compromised in a data breach. If it has, any other accounts that use the same password could be at risk.

Your email is particularly important because if it's hacked:

  • cyber criminals can impersonate you to commit identity theft and fraud
  • password reset requests are sent to your email account, leaving your most important accounts at risk
  • any sensitive data you send or receive could be intercepted
  • your email account is a treasure trove of information that could be exploited by hackers

Password managers

We all have dozens, if not hundreds, of online accounts. With even the largest websites falling victim to data breaches, it is essential to have a unique, strong password for every website. Using a password manager is the only realistic way of doing this.

The more popular password managers:

  • work across multiple devices
  • store all your passwords in a single location
  • create incredibly complex passwords that are practically uncrackable
  • automatically log you into your favourite websites 

By using a password manager you only ever need to remember a single master password. With all your passwords stored in the same location, you should add Multi-Factor Authentication (MFA) for an added layer of security.

There are lots of password managers available, including many that are free or have free versions.

Find out more about password managers.

Multi-Factor Authentication (MFA)

Use Multi-Factor Authentication (MFA) on your most important online accounts, like email and banking. MFA adds an extra layer of security by adding a second way to confirm your identity. This could be in the form of a code sent via a text message to a nominated phone or a code generated by a smartphone app.

Watch What is Multi-Factor Authentication? from IBM Technology on YouTube.

Find out more

You can change your password in Pegasus.

Go to the DS Password help page for more information.

To reset your password you'll need to have the following information to hand:

  • DS username
  • date of birth
  • personal email address

The information you enter must match the information we hold on file for you. Once we verify your information we will send you an email or SMS text message, depending on the information you provide. You'll then have two days to reset your password.

Reset your password now.

If you think your DS password may be known by a third party you should:

  • disconnect your device from the University network (both wired and wireless)
  • change your password via a device you do not regularly use (for example, a colleague's PC)
  • report it to the Helpdesk (contact Information Services)

Whenever you set or change your password, you'll need to make sure it complies with the following rules. If it does not, the system will not allow you to set or change your password:

  • use 12 to 30 characters
  • use a combination of upper and lowercase letters (A to Z, a to z)
  • at least one number (0 to 9) or one of the following symbols (# $ % ^ & * - _ + = [ ] { } | \ : , . ? / ` ~ ( ) ;)
  • the first character must be alphabetic
  • cannot contain your name or username

Please note that the use of common names or simplistic passwords could compromise the security of your data.
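
The rules above, together with the three-random-words advice earlier on this page, expressed as an added Python example (not University code): check_password lists which rules a candidate breaks, and three_random_words builds a passphrase that passes them. The function names, the sample word list and the case-insensitive name matching are assumptions made for illustration.

```python
import secrets
import string

# Symbols listed in the password rules on this page.
SYMBOLS = set("#$%^&*-_+=[]{}|\\:,.?/`~();")

def check_password(password, name, username):
    """Return the rules from this page that `password` breaks (empty list = compliant)."""
    problems = []
    if not 12 <= len(password) <= 30:
        problems.append("use 12 to 30 characters")
    if not (any(c in string.ascii_uppercase for c in password)
            and any(c in string.ascii_lowercase for c in password)):
        problems.append("combination of upper and lowercase letters")
    if not any(c in string.digits or c in SYMBOLS for c in password):
        problems.append("at least one number or listed symbol")
    if not password or password[0] not in string.ascii_letters:
        problems.append("first character must be alphabetic")
    # Assumption: matching is case-insensitive and covers the username and each
    # part of the name that is 3+ characters long; the page does not specify this.
    lowered = password.lower()
    banned = [username] + name.split()
    if any(len(p) >= 3 and p.lower() in lowered for p in banned):
        problems.append("cannot contain your name or username")
    return problems

# Constructed sample list, far too small for real use; a real generator needs
# a list of several thousand words so the choice is hard to guess.
SAMPLE_WORDS = ["harbour", "violet", "tractor", "pepper", "glacier", "window",
                "mango", "lantern", "copper", "saddle", "orbit", "thistle"]

def three_random_words(name, username, words=SAMPLE_WORDS):
    """Pick three words with a CSPRNG, capitalise them and append a digit."""
    for _ in range(100):
        chosen = [secrets.choice(words).capitalize() for _ in range(3)]
        candidate = "-".join(chosen) + str(secrets.randbelow(10))
        if not check_password(candidate, name, username):
            return candidate
    raise ValueError("word list cannot produce a compliant passphrase")
```

The words are chosen by the secrets module rather than by a person, so they cannot be guessed from personal details or social media profiles.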

Many of the biggest online services will allow you to set up 2FA. Click on the links below for more information: