Passwords

A password is a secret word or string of characters that is used for authentication, to prove identity or gain access to a resource.

As a member of the University community, access to most online facilities and resources is is via your current Uni-ID/student number and associated password.

Your role and the number of systems you access will influence the number of different passwords you will need.

Passwords must conform to the following rules:

  • Cannot contain your username, or any part of your name
  • Be between 8 and 16 characters in length
  • At least 1 letter
  • At least 1 uppercase character
  • At least 1 number
  • At least 1 special character (see table below for acceptable characters)
! (exclamation mark) % (percent sign) 
+ (plus sign)  - (dash)
: (colon) ? (question mark)
* (asterisk)  / (forward slash)
. (full stop)  _ (underscore)

 

Locked Password
If you enter your password incorrectly 3 times in a row, your account will be locked for 5 minutes. After 5 minutes you can then try again, or contact the 17triplezero IT Service Desk who will reset your password for you.

You may be held responsible for any actions that arise from the misuse of your account.

Password guidelines

Your passwords are the keys you use to access personal information that you've stored on your computer and in your online accounts.

The University of Newcastle makes the following recommendations regarding setting passwords for use with all University IT accounts and facilities.

Recommended practices for creating a strong password and keeping it secure
Use words and phrases that are easy for you to remember, but difficult for others to guess.
The easiest way to remember your passwords and pass phrases is to write them down. Contrary to popular belief, there is nothing wrong with writing passwords down, but they need to be adequately protected in order to remain secure and effective.
Keep your passwords secret.
Treat your passwords and pass phrases with as much care as the information that they protect.
Don't reveal them to others.
Keep your passwords hidden from friends or family members who could pass them on to other less trustworthy individuals.
Protect any recorded passwords.
Be careful where you store the passwords that you record or write down. Do not leave these records of your passwords anywhere that you would not leave the information that they protect.
Never provide your password over e-mail or based on an e-mail request.
Any e-mail that requests your password or requests that you to go to a website to verify your password is almost certainly a fraud. This includes requests from a trusted company or individual. Email can be intercepted in transit, and email that requests information might not be from the sender it claims. Internet "phishing" scams use fraudulent email messages to entice you into revealing your user names and passwords, steal your identity, and more.
Change your passwords regularly.
This can help keep criminals and other malicious users unaware. The strength of your password will help keep it secure for a longer time.
Do not type passwords on computers that you do not control.
Computers such as those in Internet cafés, shared systems, kiosk systems, conferences, and airport lounges should be considered unsafe for any critical use.  These devices may let malicious users harvest all the information typed on a computer from across the Internet using keystroke logging devices.

 

How to create a strong password that is easy for you to remember
  1. Think of a sentence that you can remember.
    This will be the basis of your strong password or pass phrase. Use a memorable sentence, such as "I like to drink water everyday"
  2. Convert the pass phrases into a password.
    Take the first letter of each word of the sentence that you've created to create a new, nonsensical word.
    Using the example above, you would get: "iltdwed"
  3. Add complexity by mixing uppercase and lowercase letters and numbers. 
    It is valuable to use some letter swapping or misspellings as well. This might yield a password like "il2dweD"
  4. Finally, substitute some special characters.
    You can use symbols that look like letters or use spaces as other ways to make the password more complex. Using these tricks, we create a password “i l2dweD/”
  5. Test your new password with a password checking website that helps determine your password's strength, eg. http://www.microsoft.com/protect/yourself/password/checker.mspx

 

Password strategies to avoid
Avoid using only look-alike substitutions of numbers or symbols.
Malicious users who know enough to try and crack your password will not be fooled by common look-alike replacements, such as to replace an 'i' with a '1' or an 'a' with '@' as in "M1cr0$0ft" or "P@ssw0rd". But these substitutions can be effective when combined with other measures, such as length, misspellings, or variations in case, to improve the strength of your password.
Avoid dictionary words in any language.
Malicious users use sophisticated tools that can rapidly guess passwords that are based on words in multiple dictionaries, including words spelled backwards, common misspellings, and substitutions.
Avoid words that can be associated with you.
We all have a tendency to forget passwords, so we choose something that has particular relevance to ourselves: the name of a loved one, our favourite car, sport, or ice cream, etc.  Anyone knowing a little about us can make a list of these words and easily crack the password. All-digit passwords usually fall into this category eg. birthdates, phone numbers.