Password Best Practice
Passwords are important. They are key to almost everything you do online and provide access to key university services. Choosing passwords that are difficult to break and manage them securely can sometimes seem difficult. There are a few simple steps that you can follow to make your passwords as secure as possible.
Create strong and unique passwords using 3 random words
The National Cyber Security Centre (NCSC) recommends combining three random words to create a password that’s ‘long enough and strong enough’.
For example three random words such as apple nemo biro could be combined into the password applenemobiro. By adding numbers or special characters between the words you are making the password even stronger such as - apple3nemo#biro
Try to avoid creating passwords from details that can be found in your social media profile such as your birthday, family and pet names or your favourite sports team.
By using a password that’s made up of three random words, you’re creating a password that will be ‘strong enough’ to keep the criminals out, but easy enough for you to remember.
Use a browser or app to safely store your passwords
Remembering lots of lengthy complex passwords can be difficult. Store your passwords in your browser when prompted; it’s quick, convenient and safer than re-using the same password.
You could also use a password manager (also known as a password vault). This is an app you can install on your phone, tablet or computer that can create strong passwords and store them securely.
Use different unique passwords for each of your most important online accounts: such as email, social media and banking.
If you use the same password on multiple accounts, such as your email, online banking, online shopping and social media, a cyber criminal will only need one password to access all your accounts.
This has the potential to leave you exposed to identity theft, financial loss, extortion, fraud and other cyber crimes.
Turn on a second layer of security
Multifactor authentication (MFA) which is also known as two-factor authentication (2FA) or 2-step verification (2SV) is a free security feature that gives you an extra layer of protection online. If you set-up MFA it significantly reduces the risk of your account being hacked by asking you to provide a second factor of information when you log in. This could be a code that's sent to you by text message, or that's created by an app.
For information on how to set up MFA for your BNU account click here.
✔ Use separate passwords for your BNU account, your email account, and other accounts you may have such as banking & social media.
✔ Make sure your password is strong – Three random words combined into one password is an effective way to create a strong password that is easy to remember. Avoid using common passwords such as the word “password”, do not use your username, birth dates, family, or pet names.
✔ Save your passwords in the browser – By storing your passwords in a browser you are allowing your browser to remember your password for you and is safer than using weak passwords.
✔ Save your passwords in a password manager – In case you have trouble remembering your passwords but want your accounts to be secure, you can use a password manager (or password vault).
✔ Make sure you always have Two Factor Authentication enabled.
✔ Visit the Password Management page for steps on how to change your BNU password.
✘ Never share your password with anyone (including IT support)
✘ Do not perform financial transactions on public networks
✘ Never write your password down and keep it on your desk or anywhere others can access it easily
✘ Avoid using the same password on multiple websites, all your accounts could be compromised in one go.
If in doubt, call it out
Report anything suspicious straight away. Any concerns about information security or cyber security can be reported directly to the IT Service Desk by emailing: IT@bnu.ac.uk or calling 01494 605000. Additional contact details are available here.
Additional help and advice
Reliable guidance on managing your passwords can be found on the NCSC web site: