The University of Waikato - Te Whare Wānanga o Waikato
ICT Self Help
Home Waikato Home  >  ICT Self Help  >  Standards & Guidelines  >  Password Guidelines Staff + Students Login |  - Logout

Password Guidelines

General use and misuse of computer systems is covered within the University's Computer Systems Regulations and Staff Code of Conduct. This document provides some basic standards and guidelines for good practice when using passwords at the University of Waikato.

Passwords are an important aspect of computer security. They are a front line of protection for computer access and the safeguarding of data. Failure to maintain password integrity may result in the compromise of the entire University network and the destruction of corporate data. As such, all users are responsible for taking the appropriate steps, as outlined below, to select, maintain and secure their passwords:

  • All staff passwords have a maximum lifespan of 90 days, and student passwords 180 days. If you do not manually change your password within this timeframe, you will automatically be prompted to do so 14 days prior to expiry.

  • Passwords should be between 6 and 8 characters in length and comprise a mixture of upper and lower case letters, numbers and symbols and should not be a simple English word. It is also inappropriate to use your name or username in any form, or any 'obvious' or easily obtainable personal information (i.e. date of birth, favorite sports team, pet's name, etc.). Suitable passwords would therefore include 'H@ltw0rk' or '$l33pF1g' but not 'Crusaders' or 'Tiddles'!!!

  • Passwords should be kept secret at all times. Users must not, under any circumstances, disclose their password to others. Note - support persons should never ask you for your password - anyone asking for your password is in breach of the University regulations.

  • In some circumstances, users may need access to another person's email for administrative reasons.  This access can be achieved by using a shared mailbox which is owned by a group of people, and not one person. Contrary to popular belief, it is not necessary for a user to log on to another person's account in order to access this information.

  • Users must not write down their password.

  • You must never send email with your password included, as email is not considered secure and could potentially be read by unintended recipients.

  • Should a changed password be forgotten, the user should visit the ITS Service Desk / Student Centre, where they may be required to produce ID in order to get their password changed to an interim one, which will in turn require changing once the user logs in.

LD Self ServiceLog Your Own Ticket

The University has provided a Self Service tool through which you can log your own tickets (jobs). You can also search for a previously logged ticket to check its status. For urgent jobs you can phone the ITS Service Desk: ext 4008 (838 4008) for support.


How To Guides

Your step by step guide to various ICT services.

Help & FAQ's

View FAQs on our available topics.

Standards & Guidelines

View documented standards, guidelines & policies.

ICT Glossary

Site Map