Maintaining cyber security in the face of increasing online threats can be a daunting challenge. Here are some common questions and answers to help you understand and manage your online life. 

Is it better to change a password frequently or just stick with a good password?

Password can be stolen without the user’s knowledge, and saved for later use or used surreptitiously, e.g. to secretly read the user’s email and access other systems. Regular password changes can help limit the damage.

Your strategy should include both regular password changes and the use of strong passwords. It is unlikely that you would know if someone already has your password, so the best protection is to change it regularly. However, it is also important to use a password that is easy to remember. You should never write your password down because this gives potential hackers an easy path to your account.

The best option is to create a pass phrase you can remember. A pass phrase is not only easier to remember but has the advantage of being longer than traditional eight character passwords. The more characters you have the harder it is to crack. 

Ensure your password follows these guidelines:

  • As many characters as you can remember and type comfortably. Don't forget that you will have to type this on mobile devices.
  • Mix up the characters
  • Don't use non-random phrases, names or dictionary words. Anything published on the internet can be used by brute-force dictionaries. It may seem like a good idea to use a lyric from your favourite musician but this will most likely be cracked in seconds.


How significant are cyber threats? What different does my password security make?

Here's an excerpt from the Australian Cyber Security Centre Threat Report 2016

The Report also stresses the consequences of not adequately understanding and preparing for cyber security incidents. Malicious cyber activities risk “the profitability, competiveness and reputation of Australian businesses” while the “ongoing theft of intellectual property from Australian companies continues to pose significant challenges to the future competiveness of the Australian economy.”

Individuals must take responsibility for the security of their own accounts, not simple because of threats such as ransomware and phishing attacks, but also because individual accounts are a gateway to corporate data. For example, if an individual experiences a ransomware attack it will automatically spread to all fileshares that individual has access to. 

I'm currently in a remote location. I can get email but can't access the internet. Will I be locked out of services when I return to UQ?

Your email access won't be affected. Next time you are able to access the internet you will be prompted to change your password. You will need to ensure all your email accounts are synchronised with your new password before you head back out into the field. 

I don't agree with the password change policy. Who can I talk to about it?

The password change process has been initiated by the UQ Executive, required by External Auditors and the Senate Risk Committee and is best practise. If you wish to discuss this further please contact the service desk and we will forward your enquiry to Rob Moffatt, Chief Information Officer of Information Technology Services. 

Is my password good enough?

The Password Change page is updated periodically with new password strength requirements and revised dictionaries. This ensures that permitted passwords are strong, and as safe as possible from automated password guessing attacks.

The password change page includes a password strength indicator.

Do I have to change my password if I've already changed it recently?

If you have changed your password within the past 12 months you won't have to change it yet. The password policy requires you to change your password at least once every 12 months.