Password policy

The University and Departmental policy on passwords is that they should be complex. This means that simple words that appear in dictionaries or other common passwords have to be disallowed as these are too easy to crack using fast, modern computers. The down side is that complex passwords can be hard to remember but we have some advice to help you overcome this.

Complexity Rules

Reasonable Password

  1. At least 12 characters in length
  2. Base the password on a memorable phrase or lyric
  3. Include the use of capital letters, punctuation and/or numbers to meet the Oxford requirements. Example "Correct-Horse-Battery-Staple"

Excellent Password

  1. At least 16 characters in length
  2. Base the password on a memorable phrase or lyric
  3. Include the use of capital letters, punctuation and/or numbers or punctuation to meet the Oxford requirements.
  4. Include a non-dictionary word. Example "Correct-Horse-Battery-Staple xtr4 str0ng p4ssw0rd!"

You should also avoid any password that is related to personal details that are easy to discover. For Example

Your date of birth.
Relatives or pet names.
Addresses.
Phone numbers.
Car registration numbers.
Information from social networking sites.

Please do not use the same password for different accounts as weak security at a single site could put all your accounts at risk.

Changing your password

All users are asked to check that their passwords are sufficiently complex by attempting to change them to the same value they have now. If you receive an error message then please choose a more complex password.

Using a web browser

Please visit https://www3.physics.ox.ac.uk/apps/it/passwordreset

Windows

Whilst logged in press Ctrl+Alt+Del and select Change A Password

macOS

macOS users can also reset their password by going to:
System Preferences -> Accounts -> your account -> Change Password
This method will reset the local (keychain) password and remote/departmental (Active Directory) password in one go. If you then log onto a different macOS system afterwards, accept the suggestion to update your keychain password there, typing in your old password into the next password challenge box that appears.

N.B. If you need to change your password you will also need to update it anywhere that it has been stored. For example, passwords appear in the configuration of email clients, Sophos updates from home, VPN clients, printer connections, stored connections to network drives etc. However, please note that most people using a standard centrally managed windows desktop are unlikely to need these additional changes.

Categories: Policy Password