Skip to main content

Password guidance

Please read the following guidelines before and after you change your password.

You must always abide by the University's IT Regulations - see IT Regulations 

Minimum password criteria 

  • Your password must be at least ten characters long, preferably longer
  • Your password should not contain any of your names or your username
  • Your password must include characters from 3 of the following character types:
    • Upper case characters
    • Lower case characters
    • Numbers from 0 to 9
    • Any of the special characters ~ ! @ # $ % ^ & * _ - + = \ ( ) { } [ ] ; , . ? /
  • You must not use any special characters other than those shown above, especially not ' " £ < or > as these are coding characters and can prevent your account from working properly

What makes a strong password 

  • ‌Make your password long - to be more secure we suggest 10, 12, or more characters
  • Include a mixture of upper and lower case letters, and numbers and punctuation characters
  • Make your password easy to remember – for example, choose a short phrase that makes sense to you and use its initial letters and a number, or combine two or three short words with a number between them

What makes a weak password

  • The word 'password' or 'admin'
  • Simple strings of keyboard letters such as '123456', ‘qwerty’ or ‘zxcvbn’‌
  • Your username, or your username in reverse
  • Your surname or any of your forenames
  • Any word that appears in any dictionary, including technical and foreign words, even spelt backwards
  • Any recognisable name (personal names, names of pets, fictional characters, your department, make of your car etc.)
  • Any dictionary word slightly modified by adding a number to the end, or changing ‘i’ to ‘1’, ‘o’ to zero, etc.

Disconnect your mobile devices first!

Mobile devices connecting to University network

If you have your University of Exeter email, WiFi, or any other University apps set up on your mobile devices (smart phone, tablet etc) please disconnect WiFi and 3G or 4G connections on all your devices before you change your password or reset a forgotten password. If you don't then they may lock your University account.

The easiest way to do this is to "Forget Network" for WiFi and turn off Mobile Data on all your device(s).

After you have changed your password, make sure you update your new password in Account Settings for your University email, WiFi etc on all your mobile devices before you reconnect to WiFi or 3G or 4G again on them.‌

Staff working remotely

If you have a Staff University laptop and you are working remotely away from the university, that is, your laptop is not physically connected to the University network, then you are still able to change your IT account password, via a browser or VPN session. Learn how to use the VPN.

This will then be your active new password for accessing university systems and applications online.

But please note your laptop's local login password will remain as your old password until the next time you connect the laptop to the university network, when it will then be automatically updated to your new password.‌

After changing your password

After you have changed your password, if you are logged in to your University account, log out and back in again using your new password.

You will be able to login into most University systems using your new password straight away.

However, you will need to manually update your new password Eduroam or UoE_Guest.

If you experience any problems with your IT account becoming locked please see Stop Account Locking.

For Staff, some University systems such as Aptos or Expenses‌ have separate User Admin functions so you don't need to change your password in them.