Exeter IT Services

Exeter IT ServicesHow do I?Your IT accountPassword tips

Password guidance

Please read the following guidelines before and after you change your password.

You must always abide by the University's IT Regulations - see IT Regulations 

Minimum password criteria 

  • Your password must be at least ten characters long, preferably longer, comprising of at least four of the following:
    • Upper case letters
    • Lower case letters
    • Numbers
    • Special characters, eg ! & , . = ‘ “ ; ? / {​​​​​​​ }​​​​​​​ [ ] ~ - \ ( ) _ + $ % ^ * @ #
  • Passwords must not contain the characters < : | or > as these are used in programming.

What makes a strong password 

  • ‌Make your password long - to be more secure we suggest 10, 12, or more characters
  • Include a mixture of upper and lower case letters, and numbers and punctuation characters
  • Make your password easy to remember – for example, choose a short phrase that makes sense to you and use its initial letters and a number, or combine two or three short words with a number between them

What makes a weak password

  • The word 'password' or 'admin'
  • Simple strings of keyboard letters such as '123456', ‘qwerty’ or ‘zxcvbn’‌
  • Your username, or your username in reverse
  • Your surname or any of your forenames
  • Any word that appears in any dictionary, including technical and foreign words, even spelt backwards
  • Any recognisable name (personal names, names of pets, fictional characters, your department, make of your car etc.)
  • Any dictionary word slightly modified by adding a number to the end, or changing ‘i’ to ‘1’, ‘o’ to zero, etc.

Multi-factor authentication (MFA)

The use of MFA is mandatory for all users requiring access to University systems and services. This includes users requiring access to resources / systems within the University network that are only accessible via the virtual private network (VPN). Please refer to the MFA guidance for more information on setting-up and using MFA. 

Disconnect your mobile devices first!

Mobile devices connecting to University network

If you have your University of Exeter email, WiFi, or any other University apps set up on your mobile devices (smart phone, tablet etc) please disconnect WiFi and 3G or 4G connections on all your devices before you change your password or reset a forgotten password. If you don't then they may lock your University account.

The easiest way to do this is to "Forget Network" for WiFi and turn off Mobile Data on all your device(s).

After you have changed your password, make sure you update your new password in Account Settings for your University email, WiFi etc on all your mobile devices before you reconnect to WiFi or 3G or 4G again on them.‌

Staff working remotely

If you have a Staff University laptop and you are working remotely away from the university, that is, your laptop is not physically connected to the University network, then you are still able to change your IT account password, via a browser or VPN session. Learn how to use the VPN.

This will then be your active new password for accessing university systems and applications online.

But please note your laptop's local login password will remain as your old password until the next time you connect the laptop to the university network, when it will then be automatically updated to your new password.‌

After changing your password

After you have changed your password, if you are logged in to your University account, log out and back in again using your new password.

You will be able to login into most University systems using your new password straight away.

However, you will need to manually update your new password Eduroam or UoE_Guest.

If you experience any problems with your IT account becoming locked please see Stop Account Locking.

For Staff, some University systems such as Aptos or Expenses‌ have separate User Admin functions so you don't need to change your password in them.