Keeping your password secure

content

Our systems use the combined UHI username and password to verify who you are and what you are entitled to access.

Any activities carried out in our systems will be attributable to the UHI username that has logged into the system, so it is extremely important that you do not allow anyone to have access to your account details as you will be responsible for any activities undertaken with your UHI username.  It is therefore your responsibility to ensure that your password remains secure and is only known by you.

The following steps can be undertaken to ensure your password details remain secure:

  • Change your password from the default password you are provided
  • Don’t tell anyone your password
  • Don’t write your password down
  • Don’t include your password in an email (even to your local IT support or the Servicedesk)
  • If you think someone knows your password, change it
  • Change your password regularly
  • Don't use the same password for different external services
  • Ensure you create a strong password

Only you know your password, even the members of local ICT support and  can’t see what it is.

strong password is one that is hard to guess, there are a number of ways to ensure the password you create will help your account details stay secure;

  • Length - we would advise not setting passwords that are less than 8 characters
  • Words - try not to use proper words, automated hacking programmes will also try common misspellings, words spelt backwords and words with obvious digit substitutions, e.g., using a 5 instead of an S. Random combinations are the most secure
  • Variation - the most secure passwords have a combination of letters and numbers, lower and upper case
  • Don’t reuse a password - reusing also covers changing a number at the end to make it unique.

However watch you don’t make your password so hard to guess that you can’t remember it!  A method of creating a hard to guess but easy to remember password is to use the first letters of a favourite quote, name, film or song.  For example "To the uneducated, an A is just three sticks." (A. A. Milne) would become TtuaAij3s (but please don’t use this one, as its written down!).

Even a strong password can eventually be guessed if it has been used for a long period of time. It can be hard to choose and remember a strong password, this YouTube video might help!

It can be difficult to keep track of passwords, we'd recommend that staff and students think about using an external password management service, such as KeePassLastPass or 1Password. These services are external to UHI, there may be a charge for using or installing the service.

Please contact the Servicedesk if you forget your password and it can then be reset.

Occasionally you may receive emails which ask you for your account and password details. You should be cautious of any unexpected email you receive that asks for this type of detail, as these are often phishing emails. These emails are an attempt to get your UHI username and password details so that your personal information can be stolen.  Often these emails look genuine and will have text along the lines of your email account will be suspended unless you reply with details of your account and password.

Before replying to any message such as this, please check the sender email address, if its not from an @uhi.ac.uk account you should be wary.  Also please bear in mind that the UHI Servicedesk will never ask you for your password details.  If you are at all unsure about information you are being asked to provide please call the Servicedesk to confirm. If you think you have accidentally supplied your information please contact the UHI Servicedesk to have your password reset.

If you are sent emails with website links in them, check that the link appears goes to a UHI based site. These generally have uhi.ac.uk in the link name, e.g, https://myday.uhi.ac.uk/

Most UHI websites that ask you for a login should be secure sitesyou can tell this by the s in httpin the address bar, and there will usually be a padlock shown on your web browser software.  Incorrect spelling, odd looking graphics or strange website names can be a give-away on fake sites, but many look very professional.