Skip to navigation Skip to content

Password guidelines

Passwords are essential to protect your information from cyber criminals, therefore they should be a secret that only you know.

This guide helps you create and maintain strong passwords to keep you and your information safe online.

Step 1: Create a strong password

Weak passwords are easy for criminals to guess. Criminals use automated software that can guess billions of passwords per second. The key thing to remember when creating a password is that the more complex and longer it is, the stronger it is!

Meet University password requirements:

  • Must contain 9 characters or more
  • Must contain at least one a upper case character
  • Must contain at least one lower case character
  • Must contain at least one number
  • Must contain at least one special character, such as "#$%&'()*+,-./:;<=>!?@[\]^_`{|}~ 
  • Must not be a single dictionary words, such as University or Summer, your account name, or complete parts of the full name as it makes your password easy to guess
  • Enable multi-factor authentication (MFA), e.g. use of a password, as well as a code sent to your phone, to stay safe even when your password gets compromised. For more information, visit our Staff MFA or Student MFA site as appropriate.

Step 2: Protect your password

Keeping your passwords secure is important, because if someone else gets access to this information, they may also have access to everything you do online. They could steal or alter sensitive University data, impersonate you and even commit cyber-crime under your name.

Meet University password requirements:

  • Change your password every 6 months. It can help contain the consequences of a data breach you may not even be aware of
  • Do not share your personal UWA passwords or other credentials with anyone. As per the UWA Acceptable Use of IT Policy, you are responsible for all activities originating from your personal UWA accounts. When sharing your credentials with others, audit trails will log their activities under your name
  • Do not provide your password in response to a phone call or email. University IT or other reputable service providers will never ask for your password
  • Ensure nobody is watching you type your password. Also as a matter of courtesy, turn away when someone else is entering their password

Consider our tips for enhanced security:

  • Do not use the same password for multiple University and personal accounts
  • Consider passphrases made up of multiple words to create passwords of 12 characters or more, yet more memorable. The phrase "My Password is Strong" can be converted to "My.Passw0rd.Is.Str0ng!"
  • Never use any example passwords given in this web page or similar documents
  • Store your passwords in a password vault. The University provides you with LastPass password vault free of charge

Step 3: Communicating and transferring passwords

There are circumstances when accounts are designed to be used by multiple people, such as kiosk accounts, or you have to communicate passwords to others for example to on-board an external contractor. Secure transfer of passwords and other credentials is fundamental to ensure the confidentiality of University information. Please observe the following guidelines when communicating and transferring passwords:

  • Use a password manager, such as LastPass to transfer passwords wherever possible. Password managers store passwords in an encrypted vault and allow for secure transferring to colleagues
  • Give the recipient a call to verify their identity and communicate password
  • Always encrypt any files or emails that contain passwords. All Microsoft Office and Adobe PDF files allow for this. Think outside the box and use out-of-band channels, such as contacting the other person, to communicate the encryption key
  • Do not email, SMS or instant message passwords as plain text as they are readable to anyone who might intercept the communication or have access to your device or conversation history
  • Do not write down passwords on a sticky note or paste them into shared file

Step 4: Know what to do when your password gets compromised

At some point, you will likely be affected by a data breach. Knowing how to respond, will save you time and can prevent more serious consequences.

Meet University password requirements:

  • If you think your password may have been compromised, change it immediately: Easy ways to change your Pheme password
  • In an event where you suspect your University accounts or password may have been compromised, contact University IT immediately
  • Contact University IT Service Desk for any questions and to report suspicious behaviour, security vulnerabilities or breache
X
Cookies help us improve your website experience. By using our website, you agree to our use of cookies.
Confirm