Passwords

A unique and strong password reduces the risk of data breaches and protects you from many threats such as identity theft. One of the most common ways that hackers break into computers is by guessing passwords.

Once you receive the initial password from UWE Bristol, you must:

1. read the guidance below to ensure you always use secure passwords.
2. set up your Microsoft account and security info, which will enable multi-factor authentication (MFA).
3. change the initial password via your Microsoft account.

Once you've set up your Microsoft account and security info, you can use it at any time to change your password and update your verification (MFA) methods.

MFA adds an additional layer of security to your account and will be required when you log in to Office 365 apps (which includes your UWE Bristol email account).

The University will never email or call you to confirm your password.

Make passwords difficult to guess by:

• using a unique password for every account
• using the three random words technique below
• never share your password with anyone for any reason
• using a password manager to store and suggest passwords
• using a minimum of 12 characters in length - always remember, longer is stronger.

A good way to create a strong and memorable password is to use three random words, for example: 3purple_house_monkeys27!

Be creative and use words that have specific meaning and are memorable to you, so that people can't guess your password. Your social media accounts can give away vital clues about yourself, so don't use words such as a family member's name or favourite sports team, which are easy for people to guess.

Cybercriminals use comprehensive tools to break passwords and can easily guess many of the simple substitutions we use, such as 'Pa55word!', which utilises symbols to replace letters.

With a password manager, you only need to remember one strong master passphrase that protects all of your credentials in a secure vault.

Many provide useful features that make your online life easier while being more secure, such as automatically entering your credentials and generating new strong passwords for you.

You will also find that most password managers support multi-factor authentication (MFA), making access to your password manager even more secure. They also keep the password data encrypted, so in case of a data breach, no one can access it without the master password.

The University does not support a single product, however, there are several free and paid-for tools such as KeePass, LastPass, and 1Password.

Caution: if you choose to download a password manager and forget the master passphrase, IT Services will not be able to restore it.