Layout print header[D]

Password Policy Overview


This policy promotes good practice to ensure University systems and data are only accessed by authorised users. Password rules are automatically enforced where systems support this. Where they can't, this must be documented. Where possible, users should adhere to the password rules, even when a system can't automatically enforce them. Users only have to set up their question page once, ideally before the need to reset their password. Click on the relevant link and log on to access the question page.

Key Points

  • Passwords must be 8 characters or more,
  • Passwords must contain characters from at least three out of the following four categories: Uppercase letters A to Z, Lowercase letters a to z, Numbers 0 to 9, Special Characters !#$%@'()+-?[]^_{}~
  • Passwords must not contain any characters that are not listed above, including space characters,
  • Staff passwords expire after 84 days,
  • The previous 8 passwords cannot be re-used,
  • Passwords must not contain the users first name, surname or logon code, and for students also their student number,
  • Six incorrect password attempts will result in a 30 minute lockout of the account.

The Policy Document

The complete policy can be found here.


Further guidance is currently under development.

The DTS Help pages (for SHU staff only) contain further guidance on

Sheffield Hallam University website

Sheffield Hallam University, City Campus, Howard Street, Sheffield S1 1WB

Telephone 0114 225 5555 | Fax 0114 225 4449

Privacy Policy

Freedom of information




Legal information