Advice and guidance

Key messages 2017

I like it strong ... like my passwords

Time to crack your 7 letter password? Two seconds.
Time to crack your 14 letter passphrase? 730 years.
Make it long, make it unique and never share it.

All UWE Bristol students and staff are issued with a username and password to access University systems (e.g. email, myUWE, and Blackboard).

A unique and strong password reduces the risk of data breaches and protects you from many threats such as identity theft. One of the most common ways that hackers break into computers is by guessing passwords.

The University will never email or call you to confirm your password.

Do

  • Change your password immediately, using Password Manager:
    • If you suspect a data breach.
    • If you suspect it has been compromised.
    • When you first receive it.
  • Make passwords difficult to guess: 
    • Keep your passwords unique.
    • Use a passphrase (see below for more information on how to create passphrases).
    • Mix upper and lower case letters, along with numbers and special characters (e.g. %^!#).
    • Use a minimum of eight characters - more is better.

Don't

  • Share passwords with anyone.
  • Write passwords on a note or store them where they can be accessed by others.
  • Make passwords using personal information, such as your name or family names.
  • Just capitalise the first character or only add a number to the end; this is well known to hackers and they test for it.

Who should I contact if I'm not sure?

Need help remembering?

Adopt a passphrase

Passphrases can be more secure and easier to remember, because they are based on memorable words only you know.

Explore using two words separated by a number or a punctuation character, such as 'Pr0%F0otb@ll' or ' 'F@5t#F00d'.

You can use a combination of insert and replace, for example: 'clockwork' could be '(l0(kwoRkS’.

Please note: The passwords above are examples and must not be used as your password.

Use a password manager

It can be difficult to maintain many strong and unique passwords and this is where a credentials (username and password) manager can help. You only need to remember one strong master passphrase that protects all of your credentials in a secure vault. Many will provide useful features that make your online life easier while being more secure, such as automatically entering your credentials and generating new strong passwords for you.

The University does not support a single product, however, there are several free and paid-for tools such as KeePass, LastPass, and 1Password.

Caution: If you choose to download a password manager and forget the master password, IT Services will not be able to restore it

Everyone at UWE Bristol is issued with their own username and password. Sharing a password contravenes UWE Bristol's Acceptable Use Policy and should not be done under any circumstances.

 

Best practice with passwords

Password dos and don'ts:

Do:

  • Do make your password difficult to guess
  • Do make sure it is unique.
  • Do mix upper and lower case letters, along with numbers and special characters (e.g. %^!#).
  • Do try using a passphrase as this tends to be longer and more secure, but still memorable.

Don't:

  • Don't share your password with anyone.
  • Don't re-use common passwords that you have used elsewhere
  • Don't use personal information, such as family names, address or telephone number, for passwords.
  • Don't write the password down (or if you must, then don't leave them anywhere accessible to other people).
  • Don't just capitalise the first character or add a number to the end

Choosing a password

Passwords must be difficult to guess. Never choose one that can be easily guessed by another person. It is often easier to adopt a passphrase as this tends to be much longer (and therefore more secure) but is still memorable. A minimum requirement of eight characters in length is required for passwords, but it is much more secure to use more.

Mixing upper and lower case letters, along with numbers and special characters (e.g. %^!#) increases the complexity, therefore making it more secure. Do not just capitalise the first character or add a number to the end, this is well-known to hackers and they test for it accordingly.

No phishing

Phishing is a scam where criminals send emails to thousands of people, pretending to come from a trusted organisation. They're trying to trick you into going to a fake website or responding to their email and providing them with your personal information. So keep an eye out – and if in doubt, delete it. Better safe than sorry.

For further information on phishing emails and examples of what they look like, read our guidance on phishing.

Do you know where that stick's been?

If you pick up a USB stick do you think 'Hey, free USB stick' or 'This could have malware on it'? You should be thinking about the malware. Plugging an unknown USB stick into your computer could have serious consequences, especially if it's loaded with malware. If you find a USB stick, just hand it in to an Information Point or IT Help Desk - it could be harmless, but don't take the chance.

For further information read out guidance on malware protection.

How safe do you think you are?

You might think it's really difficult to stay safe online, but it's not! There are a number of sensible and simple measures you can take to protect yourself. The precautions are as simple as choosing strong passwords and installing and updating antivirus software - and making sure you can distinguish between genuine and fraudulent websites and emails.

You can find information about antivirus protection in our malware protection and device security guidance. You will also find encryption advice on our tasks page.

Back to top