Setting up and using Computer Account & Password Properly

Choosing a password

  • Each staff or student will have computer accounts for login to university central IT services. Use different passwords for these accounts. They should also be different from each of your other accounts (e.g. eBanking, Projects, etc.).
  • Do choose a password with at least 8 characters containing both alphabets and numbers and special characters.
  • Do choose a passphrase no longer than 64 characters in length for added security, containing a series of words not commonly found in literature or music preferably with spaces, punctuations and unexpected characters that are unique or specific only to you.
  • Do not use Weak Password. Weak Password includes:
    • Password that can be found in the dictionary.
    • Password that is related to your personal information, such as birth date, telephone numbers, any IDs, license numbers, etc.
    • Password that is related to names or places.
    • Abbreviations of common phrases or acronyms.
    • Sequences of numbers or characters, or consecutive keys on a keyboard.
  • Do not use your computer account name, or the reverse of it, as the password.
  • Do not reuse any previous passwords.

Managing your password

  • Change your password regularly.
  • Never give your passwords to anyone.
  • Do not write down your password. If you have to write them down, develop a way to help you recall your passwords without the actual passwords being written down. Whatever you do, don't write down what they are for and keep them safe at all times.
  • Do not store any password on any system including your own PC.
  • Do not use the same password for different systems or applications, especially those critical ones. Do not use the same password that you use in the university with services provided by ISPs or public services.
  • Always access the option for changing CityU account password via the CityU Homepage -> Quick Links -> Change Password -> Password Management (the column on the left). Never click on shortcuts, i.e. URL links given in email or are remembered in someone’s computer browsers.

Protecting your account and password

  • Do not share your computer account with others including your friends or family members.
  • Do not use your account to log in service through a public terminal, the security protection of which is unknown. Always log out, and/or reboot, before and after using a public terminal including PCs in the LTs, classrooms, terminal rooms, Express terminals.
  • Pay attention to the login page (make sure the URLs are secured by HTTPS) of the application to avoid using disguised pages. In case of doubt, please report to the CSC and the application providers (if different) immediately.
  • Do not leave your PC unprotected while you are away. Use a password-protected screen saver that is provided by Windows. Do not use other screen savers.
  • Do not download, install or use software from an unknown source. They may implant trojans or keyboard logging programs to trap your passwords.