Skip to main content

Your Password

Guidance for setting up your account password to increase your cyber security

Selecting a new password is a difficult balance between being ultra-secure and having something that you can remember easily. There are more things that you shouldn't do when choosing a password than recommendations of what you should do.

If you think your University password or accounts have been compromised please contact the Helpdesk immediately.

Nobody from the University will ever ask you for your password and you should never give it out to anybody.

Choosing a password

  1. The password is case-sensitive.
  2. Your password must be between 12 and 256 characters.
  3. We strongly recommend you use a personal 'passphrase' as a password as this is a good way to create a strong password that can be easily remembered but difficult to crack.  A passphrase is where you combine three random words to create a single password and numbers and symbols can be used if needed (for example 3redhousemonkeys27!).
  4. The longer the phrase the better.
  5. Uppercase, lowercase, numeric and special characters (except '£' and '€') are allowed and encouraged.

Remember the following password safety points:

  • Do not use your username in any form (as-is, reversed, capitalized, doubled, etc).
  • Do not use predictable passwords (such as dates, family names, and pet names).
  • Do not use any other personal information (such as licence plate numbers, telephone numbers, ID numbers, or part of your address)
  • Do not use the most common passwords that criminals can easily guess (like 'passw0rd').
  • Do not use your University of Hertfordshire password for non-University systems or accounts
  • Do not re-use the same password across important accounts (apart from UH systems which are part of single-sign-on).  If one of your passwords is stolen, you don’t want the criminal to also get access to (for example) your banking account.
  • Do not use a pattern of letters on your keyboard (such as 123456 or qwerty).
  • Do not use numbers to represent letters (such as zero for o, 3 for E, etc).
  • Do not simply tack a sequential number on the end or in the middle of your password.
  • Do not use all numbers.

Some suggestions:

  • To create a memorable password that's also hard for someone else to guess, you can combine three random words to create a single password.
  • Use a password with mixed-case letters. Not just a capitalized word, but put some uppercase letters in the middle somewhere.
  • Use more than the minimum 12 characters.
  • Try to select a password that you can type quickly, without having to look at the keyboard. This makes it harder for someone to steal your password by looking over your shoulders.
  • Look for unusual ways of contracting words.
  • Misspell words.

Should you write your password down?

The experts vary in their response to this question but ideally, no.

If you do write it down, do not store it on your computer, smartphone, or tablet. Keep it on a piece of paper, not near your computer, and ensure that you do not include any other information which might identify your username or account. If possible, do not write down the password itself, instead, write down a cryptic clue to help you to remember what it is.

Passwords - change or forgotten

Please remember that you may need to allow time for your password change to synchronise across multiple University systems.

When entering your username into the password change website, please make sure to enter just your username, NOT username@herts.ac.uk. 

You can change or recover your University password online here: https://www.pss.herts.ac.uk/ 

Please remember to keep your registered details up to date on the Student Record system https://www.studentrecord.herts.ac.uk (students) and HR system (staff) to make sure password verification messages are sent to the correct contact details.

Multifactor authentication (MFA)

Also known as MFA, multifactor authentication adds another layer of security to your online accounts by verifying your identity using a second factor and prevents anyone but you from logging in, even if they know your password. 

  • The second factor could be a push notification sent to an app on your phone or a code sent by SMS or a phone call. 
  • You may already be familiar with MFA if you do online banking or have other online accounts. 

MFA is available for all staff and student login accounts at the University of Hertfordshire.

Be vigilant and check the authenticity of any messages or instructions before acting.

Important note regarding your eduroam Wi-Fi connection when you change your password

How to avoid getting locked out of your UH user account if you have eduroam on your device(s):

The eduoram Wi-Fi service stores your current password on your device and does not automatically update it when you change your UH password.  

eduroam will try to connect you automatically when you come into range but will fail to authenticate if the password stored on your device(s) does not match your UH account password.  This may then lock you out of your UH account completely.

  1. If you are currently connected to eduroam, first close the connection on your device(s) and select an alternative internet/data connection before you change your password. (eg, if you are using a laptop for your password change, don't forget to close the eduoroam connection on your mobile phone before you start as well)
  2. Once you have changed your password and when next on campus visit https://getconnected.herts.ac.uk/ on each of your devices and follow the instructions to uninstall/forget and reinstall eduroam. 
  3. Remember to do this for all your devices that connect to eduroam 
Alternative network connections to enable you to change your password on campus include: Your personal mobile device data, LRC PC, Wired (ethernet) connection in halls of residence, or UH Wi-Fi (temporary only - eduroam is strongly recommended for the best user experience)
 
If you need further help reinstalling eduroam on your device please contact the Helpdesk
Find more information on getting connected  at ask.herts.ac.uk/set-up-eduroam-wireless#Wi-Fi

Mobile apps

  • UH Mobile apps (e.g. HertsMobile or MS Teams) sometimes take a little longer to pick up the change in your password.
  • The apps on your device will (at some point) stop working as they no longer recognise your old password. 
  • Some apps will simply request that you sign back in using your UH username and your new password.
  • You may need to uninstall and reinstall other apps. 
  • You can try logging out and back in again (or uninstalling and reinstalling) to force the change through more quickly 

Troubleshooting

  1. Be patient, it may take a little while hours for all systems to synchronise with the new password.
  2. Try logging out and then back into your systems.
  3. Log out of your computer, shut down, and restart.

You are prompted to enter a password for Outlook 365, a box appears for a short time and then disappears. It's now saying that your Office account has been deactivated

  1. Go to your Windows PC start menu (bottom left-hand corner)
  2. Select Settings (the cog symbol)
  3. Select 'Accounts'
  4. Select 'Access work or school'
  5. Select your UH account for O365 and then 'Disconnect'
  6. Once disconnected reopen an Office app and try signing in

MS Teams has stopped working properly

  • Sign out of Teams (click on your picture/initials in the top-right hand corner and ‘sign out’) then sign back in.
  • MS Teams is part of O365, so make sure you are signed into O365 with your new password.  If not sign out of all O365 apps (Outlook, OneDrive, etc) and sign back in.
  • If necessary uninstall and reinstall the Teams desktop version.
  • If the desktop version is still not working try using the web version of Teams until the issue is resolved.

I can’t connect to the VPN

  • See if you can sign in with your old password. 
  • Log out of the VPN and back in again; the VPN should then require your new password.
  • Lastly try reinstalling the VPN: https://vpnsetup.herts.ac.uk/

If you think your University password or accounts have been compromised please contact the Helpdesk immediately.

Further cybersecurity guidance and information is available on AskHerts:

Multifactor authentication

Also known as MFA, multifactor authentication adds another layer of security to your online accounts by verifying your identity using a second factor and prevents anyone but you from logging in, even if they know your password. 

  • The second factor could be a push notification sent to an app on your phone or a code sent by SMS or a phone call. 
  • You may already be familiar with MFA if you do online banking or have other online accounts. 
Be vigilant and check the authenticity of any messages or instructions before acting.

Contact Us

Helpdesk - Library and Computing Services

Library and Computing Services

Today - Open 24 Hours
COVID-19 updates: please refer to the LCS Service Status page for updates on service availability. https://status.herts.ac.uk .................. Online and telephone support is available 08:00 to 17:00 Monday - Friday with telephone support only available outside of these times