Don't let weak passwords ruffle your feathers

Strong, secure and secret: protect your passwords and stay safe online

7 May 2026
InfoSec Team

World Password Day on 7 May is a reminder to give a little extra love to the passwords we use every day. Weaker passwords – including the ones we use for our Oxford Single Sign-On (SSO) and other University accounts – can make life too easy for cybercriminals.

Try using a long, memorable combination of random words when you update yours - like GrumpyPigeonStoleMyChips - but choose an original combination that only you know. Store your passwords safely and use Multi-Factor Authentication (MFA). If anything feels suspicious, change your passwords straight away to stay protected.

Hints and tips: -

  • Use a minimum of 16 characters - longer passwords are harder to crack.
  • Choose random unrelated words – pick words that have no connection to each other for a strong, memorable password.
  • Some systems may require passwords that include numbers and special characters.
  • Use different login credentials for each of your accounts - and to help you keep track of them use a password manager. Tools like KeePass, Apple Keychain, or 1Password will help you store and generate secure unique passwords.
  • If you must write down any password, keep it somewhere secure which only you can access – not in a document on your computer.

  • Enable MFA - which is required by default to log into University systems with Single Sign-On (SSO) but should also be added to other accounts. MFA acts as an additional layer of security, making it harder for unauthorised users to access your accounts.

  • Better safe than sorry - if you think your account may have been compromised change your passwords, just to be sure. If you suspect a cyber incident report it to Information Security at oxcert@infosec.ox.ac.uk

Managing SSO passwords and MFA

All University SSO passwords have to be updated at least once a year, or earlier if you suspect anyone else may know it. Find out more about managing your SSO.

If you use a centrally managed PC (e.g. in UAS or the Gardens, Libraries and Museums), you may also choose to set up a secure six-digit PIN or biometric options such as fingerprint, or facial recognition (if your device allows this), as a form of MFA which makes it quicker and easier to log in.

More information on how to keep your passwords from flying the coop is available here - Create strong passwords

 

Letters on a wall