Passwords
Advice on strong passwords, keeping them secure and password managers.
Change your password
A unique and strong password reduces the risk of data breaches and protects you from many threats such as identity theft. One of the most common ways that hackers break into computers is by guessing passwords.
Once you receive the initial password from UWE Bristol, you must:
- read the guidance below to ensure you always use secure passwords.
- set up your Microsoft account and security info, which will enable multi-factor authentication (MFA).
- change the initial password via your Microsoft account.
Once you've set up your Microsoft account and security info, you can use it at any time to change your password and update your verification (MFA) methods.
MFA adds an additional layer of security to your account and will be required when you log in to Microsoft 365 apps (which includes your UWE Bristol email account).
The University will never email or call you to confirm your password.
Secure passwords
Make passwords difficult to guess by:
- using a unique password for every account
- using the three random words technique
- never share your password with anyone for any reason, this includes friends and family
- using a password manager to store and suggest passwords
- using a minimum of 12 characters in length.
Use three random words
A good way to create a strong and memorable password is to use three random words, for example, 3purple_house_monkeys27!
Be creative and use words that have specific meanings and are memorable to you, so that people can't guess your password. Your social media accounts can give away vital clues about yourself, so don't use words such as a family member's name or favourite sports team, which are easy for people to guess.
Cybercriminals use comprehensive tools to break passwords and can easily guess many of the simple substitutions, such as 'Pa55word!', which utilises symbols to replace letters.
Password manager
With a password manager, you only need to remember one strong master password that protects all of your credentials in a secure vault.
Many provide useful features that make your online life easier while being more secure, such as automatically entering your credentials and generating new strong passwords for you.
You will also find that most password managers support multi-factor authentication (MFA), making access to your password manager even more secure. They also keep the password data encrypted, so in case of a data breach, no one can access it without the master password.
The University does not support a single product, however, there are several free and paid-for tools such as KeePass, LastPass, and 1Password. Using a browser, like Edge or Chrome, is also another good option for storing passwords securely.
Caution: if you choose to download a password manager and forget the master passphrase, IT Services will not be able to restore it.
Security profile
Once set up, you can use your security profile to:
- change your password
- update your security information
- add additional authentication methods (MFA).
Information Security Toolkit
UWE Bristol IT systems are safe and secure, but you need to do your bit too!
The toolkit offers essential tips and guidance to protect yourself, others, and the University from cyber threats.
Compromised password
You must change your password immediately if you suspect a data breach or that it has been compromised.
Report an incident or breachYou may also be interested in
Data protection
UWE Bristol's privacy information including GDPR statement, Data Protection Impact Assessments, and privacy notices for staff, students and alumni.
Microsoft account and security info
Enabling easy access to UWE email, Microsoft 365, other services, resetting or changing passwords, and setting up multi-factor authentication (MFA).
Your UWE Bristol username and password
Useful information about your log in details, which username to use and when.
Cyber Security Awareness
Free, fun, interactive online activities help keep you, your data, and your devices safe from cybercrime.