Password policy

The University and Departmental policy on passwords is that they should be a minimum of 16 characters in length with a mix of upper and lower case letters as well as either numbers or special characters. The down side to this is that such passwords can be hard to remember but we have some advice to help you overcome this. We recommend using 4 or more random words such as CalibrateDoorCloudVenture and then add numbers or special characters E.G. CalibrateDoorCloudVenture!7.

Complexity Requirements

Good Password

  1. At least 16 characters in length
  2. Use four or more unrelated words.
  3. Include the use of capital letters, punctuation and/or numbers to meet the Oxford requirements. Example "Correct-Horse-Battery-Staple" or "CorrectHorseBatteryStaple34"

Excellent Password

  1. At least 24 characters in length
  2. Use four or more unrelated words.
  3. Include non-dictionary words.
  4. Replace some letters with punctuation or numbers
  5. Include the use of capital letters, punctuation and numbers. Example "Correct-Horse-Battery-Staple xtr4 str0ng p4ssw0rd!"

Please do *not* use exact copies of well-known lyrics or quotes. E.G TheresNoPlaceLikeHome!, whilst this example is reasonably long it would certainly fall prey to certain password attack types. We have seen passwords of over 30 characters become compromised due to them being direct quotes from films and music.

You should also avoid any password that is related to personal details that are easy to discover. For Example

Your date of birth.
Relatives or pet names.
Addresses.
Phone numbers.
Car registration numbers.
Information from social networking sites.

Please do not use the same password for different accounts as weak security at a single site could put all your accounts at risk.

Changing your password

Using a web browser

Please visit https://www3.physics.ox.ac.uk/apps/it/passwordreset

Windows

Whilst logged in press Ctrl+Alt+Del and select Change A Password

macOS

macOS users can also reset their password by going to:
System Preferences -> Accounts -> your account -> Change Password
This method will reset the local (keychain) password and remote/departmental (Active Directory) password in one go. If you then log onto a different macOS system afterwards, accept the suggestion to update your keychain password there, typing in your old password into the next password challenge box that appears.

N.B. If you need to change your password you will also need to update it anywhere that it has been stored. For example, passwords appear in the configuration of email clients, VPN clients, printer connections, stored connections to network drives etc. However, please note that most people using a standard centrally managed windows desktop are unlikely to need these additional changes.

Categories: Password | Policy