Article - Change/Recover your staff account password

This article contains information for University staff only.

When you receive your computer account username and password, you must change the password as soon as possible as this password is only temporary.

Change your password

Change your password

You must know your current password to change it using this tool.

Forgotten your password?

If you have forgotten your password or have problems with your account, please contact Service Desk on 023 9284 7777.

Picking a password

Passwords are the lock on the door to your data and are the first point of attack for anyone trying to steal that data. The University guidelines state a password should be made up from a mixture of :

• English uppercase characters (A–Z)
• English lowercase characters (a–z)
• Numbers (0–9)
• Non-alphanumeric characters (e.g. !, $, #)

Passwords should not be only a single dictionary or slang word nor should they be personal information such as names, pet names, maiden names, birthdays, car registration and similar personal data. Also do not reference hobbies such as football teams, actors, band names and the like.

The primary goal is to create and use ‘strong’ passwords - which are easy to remember and difficult to guess. There are three strategies recommended by UoP:

1. Use a passphrase
   A passphrase is generally a longer version of a password and is typically composed of multiple words: The following is a suggested method for creating a strong Passphrase:
   1. Pick three short unrelated words: e.g. tree, witch, rock
   2. Capitalise the first letter of each word: Tree, Witch, Rock
   3. Separate each word using a punctuation symbol:
      Tree?Witch?Rock
   4. Add a number : Tree?Witch?R0ck
2. Use word association
   e.g. Amazon - b00ks_&_DVD5 or B00K5//on=line
   e.g. PayPal - M@KE-payment5 or is=1T=5AFE?
3. Use a song or poem
   Mary had a little lamb, it’s fleece was white as snow.
   This becomes: MHALLIFWWAS or mhall-IFWWA5

Never share your password with anybody. No reputable service representative will ask you for your password. This kind of attack is known as phishing, someone will pretend to be from your bank or payroll office or Service Desk and ask for the password. This will never be required by a legitimate organisation.

All modern mobile devices will allow you to protect your data with a secure pin or password. We encourage everyone to use this feature.

Use different passwords for different systems just as you would have different keys for different doors in your home. Some services offer a password hint. Should a password hint be available do not use something obvious such including the line used from a song or poem.

If you have been given administrator access to a system, only use this log in when you are required to perform a task which requires your access privileges to be raised.

Further information on passwords and other security advisories can be found here.