With passwords being used more widely and from a range of devices, the likelihood of a password being compromised has increased considerably. Whilst regular password changes will not prevent the hacking of an account, they will limit the period of exposure, which is particularly important where the hacking of the account is difficult to detect.
While regular changes to passwords can carry their own risks, it is felt that 90 days between password changes, just four times a year, provides a good compromise, ensuring that passwords are refreshed regularly but not so often that it leads to confusion.
Who does it apply to?
- All University staff (including externals), postgraduate research students and departmental IT accounts.
- Staff in the Clinical Trials Unit (CTU) change their password every 30 days.
What are the key things to know?
- Compromised IT accounts could potentially allow access to confidential research data, exam material, or staff and student personal information. In order to reduce the risk of this occurring, staff are required to change their strong password every 90 days.
- Regular changes to passwords can carry their own risks; however, it is felt that 90 days between password changes, just four times a year, ensures that passwords are refreshed regularly but not so often that it leads to confusion.
- This policy was approved by the Information Security Policy steering group in March 2010.
- You will receive an email notification 14 days before you are required to change your password.