New University password policy


May 1st, 2018

A message from the Chief Information Security Officer:

“This week will see the introduction of a new university password policy. This is part of our programme to enhance network security and protect personal, commercial and research data.

It follows the introduction of intruder lockout last year (a temporary lock-out function where 5 incorrect login attempts are made) and this year’s implementation of the screen lock security feature.

The new password standards for the University are recognised security standards. The following will apply:

  • a minimum length of 7 characters
  • a combination of upper case, lower case, numbers and special characters
  • a control to prevent common words being used as passwords

The introduction of more complex passwords will remove the need for these to be regularly changed — i.e. users will be able to keep their password for life.

In the next few months we will be requesting that all staff change their passwords. Student passwords will follow ready for the new academic year.

Detailed communications will be issued directly to staff from May 2018″

Jason Carter

Chief Information Security Officer, Registrar’s Office.

Tags: , , , ,

10 Comments

May 2nd, 2018 at 11:30 am

David Bicker

Hello!
Does this mean there’s a fighting chance of successfully logging into MyView at the end of each month?
If this is so, then I intend to arrange a small party, by way of celebration.

May 2nd, 2018 at 12:58 pm

Vince Baxter

I agree David. Each month I have to reset MyView login credentials just to get my monthly payslip.

May 3rd, 2018 at 10:22 am

Shelly Rigby

I’m the same – had to have mine reset a few times. I bet there’s lots more people that have the same problem.

May 8th, 2018 at 11:23 am

Nicki

David Bicker …. LOL! 🙂

May 24th, 2018 at 10:03 am

athina

Same here!

June 23rd, 2018 at 1:11 am

George Chen

Sounds a good new policy. Will the same be applied to both the China and Malaysia campuses?

June 25th, 2018 at 8:23 am

Richard Payne

Nice to see that logic prevails. Since hackers make millions of attempts, repeat password changes are not as good as a long and complex random password. With each added character the permutations increase by (26×2 + 15 + 10) = 77 fold. Even with 8 characters that’s 1,235,736,291,547,681 possible passwords.

June 26th, 2018 at 11:05 am

Gareth Gee

Much more likely than any data theft via my email/login is someone walking into my building and making off with the computer itself (or part of it, like the RAM chips or the hard drive). This happened just last year, in fact. Any news on new measures to prevent this?

For most of us, who deal with no sensitive or valuable data at all, these constant ‘improvements’ to passwords are obviously unnecessary, completely ineffective, and very irritating. The risk to our data security comes from dodgy links to dodgy websites in suspicious emails – and no amount of changes to password policy can prevent colleagues from falling into that particular trap.

As others here have stated, MyView is a total nightmare and the login there needs simplifying, urgently. The browser on my home computer is set to remember passwords, but MyView randomly asks for one of three ‘key words’, meaning that I can never simply log in to look at my payslip and have to reset everything each month and start again from scratch. (Nobody else on Earth is remotely interested in looking at my payslip and seeing how little I earn).

June 27th, 2018 at 11:11 am

Claire Hamerton

There have been thefts of computers from our building over the past 2-3 years, so password protection certainly doesn’t guard against this kind of crime. I doubt the person responsible was after the PhD research data on the PC taken from our floor….

Responding to Gareth Gee, it is rather strange there are so many obstacles to staff viewing their payslips. Perhaps it is to focus our frustration onto MyView instead of the amount of monthly pay or other causes of staff disengagement.

August 24th, 2018 at 3:57 pm

Mia

The new password policy is overly restrictive and encourages hard to remember passwords that are still insecure and discourages secure and easy to remember passwords.

The password given on the ‘Creating strong passwords’ page is a perfect example of this. It’s tricky to remember and is still very weak.

Leave a Reply

Other

New UNM Provost and CEO to join university from June 1

Professor David FitzPatrick has been appointed as Interim Provost and CEO, University of Nottingham Malaysia Campus. […]

Investment on University Park campus: spring – autumn 2024

The university is making major investments to its estate and infrastructure this Spring, Summer and into […]