A strong password or passphrase is still one of the best ways to secure your UQ and personal accounts. This is especially important during the COVID-19 pandemic, due to the high volume of malicious cyber activity and scams targeting individuals and organisations. Learn more about COVID-19 related threats here.
You can implement a number of simple password management practices immediately to enhance the security of your UQ and personal accounts:
- Use a strong password or passphrase: UQ recommends a minimum of 10 characters for your password or passphrase, including upper and lower case letters, at least one number and special character. A passphrase is a type of password combining multiple words or characters that is long but easy to remember (e.g. 2Book#Shoes!). You can change your UQ account password here, and refer to our password guidelines.
- Use unique passwords: Use strong and unique passwords, especially for accounts that store sensitive information such as your UQ, banking, and personal email accounts. Avoid reusing passwords. Online systems and websites are regularly compromised and cyber criminals can use reused passwords to gain access to your other accounts.
- Store your password securely: The best place to store passwords is your memory – don’t write them down or save them in a web browser. Using a personal password manager is recommended to easily and securely store unique passwords for many different accounts.
- Be aware of fake websites: Cyber criminals may attempt to steal passwords by creating fake websites designed to look like UQ, government agencies, banks or other legitimate sites.
- Change your password regularly: Changing account passwords at least once every 12 months is recommended. This is compulsory for UQ staff accounts.
- Don’t share your password: Never share passwords with anyone else, not even family members.
- Use multi-factor authentication (MFA): MFA adds an additional layer of security and is being enabled for all UQ staff accounts to protect your personal information and our systems. Enabling MFA for personal accounts where available is highly recommended.
- Report suspicious activity: If you notice any unusual account activity, open a suspicious link/file, or believe your account may be compromised, change your account password and contact IT Support immediately.
For further information please visit password guidelines and account security or contact IT support.
