Password guidelines
Passwords are essential to protect your information from cyber criminals, so they should be a secret that only you know.
This guide helps you create and maintain strong passwords to keep you and your information safe online.
Step 1: Create a strong password
Weak passwords are easy for criminals to guess. Criminals use automated software that can guess billions of passwords per second. The key thing to remember when creating a password is that the more complex and longer it is, the stronger it is!
Meet University password requirements:
- Must contain 8 characters or more
- Must contain at least one upper case character
- Must contain at least one lower case character
- Must contain at least one number
- Must contain at least one special character, such as "#$%&'()*+,-./:;<=>!?@[\]^_`{|}~
- Must not be a previously used password
- Must not consist of easily guessable dictionary words, regardless of the use of numbers or symbols
- Enable multi-factor authentication (MFA), e.g. use of a password, as well as a code sent to your phone, to stay safe even when your password gets compromised. For more information, visit our Staff MFA or Student MFA site as appropriate.
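The composition rules in the list above can be checked mechanically. The sketch below is an added example, not the University's own code: the word list, the substitution table, the PBKDF2 parameters and all function names are assumptions made for illustration, and every sample value is constructed.

```python
import hashlib
import hmac
import string

# Special characters exactly as listed in the requirement above.
SPECIALS = "\"#$%&'()*+,-./:;<=>!?@[\\]^_`{|}~"
# Constructed mini word list; a real check would load a full dictionary.
WORDLIST = {"password", "welcome", "university", "dragon"}
# Common substitutions undone before the dictionary lookup (assumed mapping).
LEET = str.maketrans("0134578@$!", "oleastbasi")


def digest(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2 digest, so the history never holds plaintext."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def is_decorated_dictionary_word(password: str) -> bool:
    """True for one dictionary word dressed up with numbers or symbols."""
    core = password.strip(string.digits + SPECIALS).lower().translate(LEET)
    return core in WORDLIST


def check_password(password: str, history=()) -> list:
    """Return the names of the rules the candidate fails (empty = accepted).

    history is an iterable of (salt, digest) pairs for earlier passwords.
    """
    failures = []
    if len(password) < 8:
        failures.append("length")
    if not any(c.isupper() for c in password):
        failures.append("upper")
    if not any(c.islower() for c in password):
        failures.append("lower")
    if not any(c.isdigit() for c in password):
        failures.append("digit")
    if not any(c in SPECIALS for c in password):
        failures.append("special")
    if is_decorated_dictionary_word(password):
        failures.append("dictionary")
    if any(hmac.compare_digest(digest(password, s), d) for s, d in history):
        failures.append("reused")
    return failures
```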
Accounts that have not been accessed for 190 days will be automatically disabled. To reactivate your account, please contact the IT Service Desk on +61 8 6488 1234 or email [email protected].
Step 2: Protect your password
Keeping your passwords secure is important, because if someone else gets access to this information, they may also have access to everything you do online. They could steal or alter sensitive University data, impersonate you and even commit cyber-crime under your name.
Meet University password requirements:
- Change your password every 6 months. This can help contain the consequences of a data breach you may not even be aware of
- Do not share your personal UWA passwords or other credentials with anyone. As per the UWA Acceptable Use of IT Policy, you are responsible for all activities originating from your personal UWA accounts. When sharing your credentials with others, audit trails will log their activities under your name
- Do not provide your password in response to a phone call or email. University IT or other reputable service providers will never ask for your password
- Ensure nobody is watching you type your password. Also as a matter of courtesy, turn away when someone else is entering their password
Consider our tips for enhanced security:
- Do not use the same password for multiple University and personal accounts
- Consider passphrases made up of multiple words to create passwords that are 12 characters or more, yet easier to remember. The phrase "My Password is Strong" can be converted to "My.Passw0rd.Is.Str0ng!"
- Never use any example passwords given in this web page or similar documents
- Store your passwords in a password vault. The University provides you with the LastPass password vault free of charge
Step 3: Communicating and transferring passwords
There are circumstances when accounts are designed to be used by multiple people, such as kiosk accounts, or when you have to communicate passwords to others, for example to on-board an external contractor. Secure transfer of passwords and other credentials is fundamental to ensure the confidentiality of University information. Please observe the following guidelines when communicating and transferring passwords:
- Use a password manager, such as LastPass, to transfer passwords wherever possible. Password managers store passwords in an encrypted vault and allow for secure transferring to colleagues
- Give the recipient a call to verify their identity and communicate the password
- Always encrypt any files or emails that contain passwords. All Microsoft Office and Adobe PDF files allow for this. Think outside the box and use out-of-band channels, such as contacting the other person, to communicate the encryption key
- Do not email, SMS or instant message passwords as plain text, as they are readable to anyone who might intercept the communication or have access to your device or conversation history
- Do not write down passwords on a sticky note or paste them into a shared file
Step 4: Know what to do when your password gets compromised
At some point, you will likely be affected by a data breach. Knowing how to respond will save you time and can prevent more serious consequences.
Meet University password requirements:
- If you think your password may have been compromised, change it immediately: Easy ways to change your UniID password
- If you suspect your University accounts or password may have been compromised, contact University IT immediately
- Contact University IT Service Desk for any questions and to report suspicious behaviour, security vulnerabilities or breaches