Browser does not support script.
Passwords are the first line of defence against cybercriminals accessing your devices or online accounts. This makes them a valuable target for attackers trying to steal your sensitive personal information, such as your bank account details, address or date of birth.
Choosing a strong, unique password for each important account you have helps to protect against unauthorised access to your sensitive personal information. Using different passwords means that, should one of the systems you use be compromised, cybercriminals are unable to use the same credentials on other systems.
A secure password is especially important for your primary e-mail account, as the password reset feature other systems use will often send new passwords or password reset links to this account.
The current recommendation from the UK Government's Cyber Aware campaign is to use three random words. These can be any three words in any order, and numbers or special characters can still be used, for example 7blueElevat0rRis!ng33, but don't use words or phrases which are easy for other people to guess e.g. TheLionKing.
It can be difficult to remember a lot of complex passwords for many different systems. Fortunately, there are apps called 'password managers' which can securely store a variety of passwords for you and even generate strong passwords for your online accounts.
There is a variety of password manager apps available to download from online app stores; however, three free options we recommend for students are Dashlane, LastPass, and RoboFormEverywhere (free for education).
If you don't want to use a password manager app then it's possible to use a strong base password and use a system you can remember to create a unique password for each site. For example, we could take the second and fifth letter of a site and place these between our three random words, or better place the next alphabetical character instead. So, using our '7blueElevat0rRis!ng33' example, our Facebook password would be '7bluebElevat0rcRis!ng33' and our Twitter password would be '7bluexElevat0ruRis!ng33'.
Two-factor authentication (2FA) is an extra level of security designed to ensure that you're the only person who can access your account, even if someone else happens to know your password. Two-factor authentication uses a combination of something you know (your password) and something you hold (a generated code) or something you are (such as your fingerprint) to confirm your identity.
Many online banking applications, ecommerce sites and e-mail providers support two-factor authentication using a numeric code sent in a text message to your phone, which can only be used once. This means someone would need to have access to your phone as well as knowing your password to access your online account.
There are several methods for two-factor authentication including:
We recommend you enable two-factor authentication for your most important accounts to protect your sensitive personal information. There is a useful guide to enabling two-factor authentication for Google, Facebook, Twitter, Instagram and other popular online services online.
Digital Services is currently looking to enable the option to use two-factor authentication to access your University account. Please keep an eye on your University e-mail and this page for more information in due course.
Google, Facebook, LinkedIn and other social media services offer an option to seamlessly sign in to third-party websites using your social media account credentials.
This makes it easier to log in to these websites without needing to sign up for an account on the site or provide your sensitive personal information – you only need to remember the password for your social media account!
This also provides the benefits of the social media site's security mechanisms when logging in (such as two-factor authentication, account lockout protection, etc.) and means there is one less password you need to worry about being compromised if the third-party website suffers a breach.
There are, however, a few important things to be aware of when using this service:
Always change your password immediately if you suspect that your University account or password has been compromised and report this to the IT Service Desk by phoning 01785 353800 or e-mailing firstname.lastname@example.org