Guidelines on setting and using Computer Account Password

Choosing a password

  • Each staff or student will have computer accounts for login to university central IT services. Use different passwords for these accounts. They should also be different from each of your other accounts (e.g. eBanking, Projects, etc.).
  • Do choose a password with at least 8 characters containing both alphabets and numbers and special characters.
  • Do choose a passphrase no longer than 64 characters in length for added security, containing a series of words not commonly found in literature or music preferably with spaces, punctuations and unexpected characters that are unique or specific only to you.
  • Do not use Weak Password. Weak Password includes:
    • Password that can be found from dictionary.
    • Password that is related to your personal information, such as birth date, telephone numbers, any IDs, license numbers, etc.
    • Password that is related to names or places.
    • Abbreviations of common phrases or acronyms.
    • Sequences of numbers or characters, or consecutive keys on a keyboard.
  • Do not use your computer account name, or the reverse of it, as the password.
  • Do not reuse any previous passwords.

Managing your password

  • Change your password regularly.
  • Do not let others know your account password.
  • Do not write down your password. Do not store any password in any system including your own PC.
  • Do not use the same password for different systems or applications, especially those critical ones. Do not use the same password that you use in the university with services provided by ISPs or public services.

Protecting your account and password

  • Do not share your computer account with others including your friends or family members.
  • Do not use your account to login a service through a public terminal, the security protection of which is unknown. Always logout, and/or reboot, before and after using a public terminal including PCs in the LTs, classrooms, terminal rooms, Express terminals.
  • Pay attention to the login page (make sure the URLs are secured by HTTPS) of application to avoid using disguised pages. In case of doubt, please report to the CSC and the application providers (if different) immediately.
  • Do not leave your PC unprotected while you are away. Use password protected screen saver that is provided by Windows. Do not use other screen savers.
  • Do not download, install or use software from unknown source. They may implant trojans or keyboard logging programs to trap your passwords.