Password security
What are the dangers of a compromised password?
Passwords confirm who you are and your rights to access a system. For most systems, your username or ID is easy to guess. If your password becomes known to anyone else, they can log in as you and you would have no control over their actions. This could happen to a social media account, your email, your bank account or more.
What to do if you think your password has been compromised
- Immediately reset your password on the account you think has been compromised
- Seriously consider resetting your passwords on your other accounts
- If it is a password on a UTS service, contact the IT Support Centre on 9514 2222
You can also check Have I Been Pwned?, an external site that can tell you whether your email address has ever been part of a known data breach. Don't panic if you find your account on a list there. Data breaches are far more common than we like to think, but following the steps below will help keep your data secure.
How to keep your password safe and secure
Don't write it down. Ever.
If you write it down, you can lose it. If you lose it, someone else can find it.
Don't send your password via email or give it out over the phone.
Email isn't always secure and you don't know who might overhear you when on the phone.
Change your password regularly.
If your password is stolen, it may not be immediately used. Change your password at least every six months to be safe.
Make your password strong.
A good password should be at least eight characters long. Use a mixture of upper- and lower-case letters, numbers and special characters. Don't include personal information in your password, such as your nickname or your pet's name.
Consider using a passphrase.
A passphrase is a very long password that is easier to remember but harder for an attacker to guess or crack. For example, the password “Qbn&7ac9” is complex but fairly difficult to remember. The passphrase “HappyHippo@Holidays!” is also complex but much simpler to remember. (However, not all systems support such long passwords.)
Don't use the same password on different accounts.
If a malicious user finds out what your password is for one account, they might try using that password on other accounts that belong to you.
Be careful using shared computers.
If you use a public computer at an internet café or even the shared workstations available at UTS, disable any options to remember who you are. Pay attention to tick boxes with wording like 'Stay signed on', 'Keep me logged in' or 'Remember my details'.
Additional resources
There are many password generators available, such as Safe Password or Correct Horse battery (external websites), that can create 'memorable' passwords. You can also get an indication of the strength of a password you're considering by using the Password Meter.
Change your UTS password
Change your UTS password at least every six months by visiting login.uts.edu.au/signin/forgot-password.