Password Policy Overview
Introduction
This policy promotes good practice to ensure University systems and data are only accessed by authorised users. Password rules are automatically enforced where systems support this. Where they can't, this must be documented. Where possible, users should adhere to the password rules, even when a system can't automatically enforce them. Users only have to set up their question page once, ideally before the need to reset their password. Click on the relevant link and log on to access the question page.
Key Points
- Passwords must be 8 characters or more,
- Passwords must contain characters from at least three out of the following four categories: Uppercase letters A to Z, Lowercase letters a to z, Numbers 0 to 9, Special Characters !#$%@'()+-?[]^_{}~
- Passwords must not contain any characters that are not listed above, including space characters,
- Staff passwords expire after 84 days,
- The previous 8 passwords cannot be re-used,
- Passwords must not contain the users first name, surname or logon code, and for students also their student number,
- Six incorrect password attempts will result in a 30 minute lockout of the account.
The Policy Document
The complete policy can be found here.
Guidance
Further guidance is currently under development.
The DTS Help pages (for SHU staff only) contain further guidance on
