Password Best Practice
It is essential for passwords to be kept both secure and confidential. Passwords must follow the rules in the Accounts and Access Procedures which are explained on the password rules web site (most online systems will only allow you to choose passwords that satisfy these rules).
Choosing a secure password
When choosing a password, consider the following principles;
- Select a password that is easy for you to remember, but not for others to guess.
- Consider using the initials of a song or phrase that you can easily remember, but others are unlikely to guess.
- Do not use your login name or user name in any form (reversed, capitalised, doubled, etc).
- Do not use your first, middle or last name in any form.
- Do not use any nicknames you may have.
- Do not select obvious passwords, such as the name of a close relative, friend or pet.
- Do not use other information easily obtained about you. This includes your birth date, license plate numbers, telephone numbers, the brand of your car, the name of the street you live on, etc.
- Do not use a word contained in English or foreign language dictionaries, spelling lists or other lists of words.
Keeping your password confidential
To keep your password confidential and protect your account from unauthorised use;
- Never disclose your password to someone else, including your manager or supervisor.
- Do not write your password down unless it is absolutely necessary. (If you must write it down, store it in a private and physically secure location separate from your account name.)
- If you receive a document that displays the password for your account, change your password as soon as possible or keep the document in a private and physically secure place.
- If you are about to type your password and someone is near you, take care that they cannot see what you type.
- If you suspect someone else has used your account, change your password immediately and report the details to the Technology Service Desk as soon as possible.
- If you suspect that the security of your password has been compromised, change it immediately.