Password security

Ensuring your passwords are secure is one of the most important things you can do to protect your information.


Password basics

The three main ways accounts are hacked are:

  • Someone has used a password that is too short or too simple, and it was guessed or predicted by a hacker
  • Someone has used the same password across multiple accounts, and a security attack on one has revealed the password
  • Someone has written their password down or shared it over email along with their username

You should consider your Goldsmiths account as important as your online banking and social media in terms of password security. Someone accessing it could steal your work or the confidential details you hold about others.

Read more about choosing the best passwords on getsafeonline.org.

Goldsmiths account

The Goldsmiths Password Policy (PDF) requires that the password for your Goldsmiths account must:

  • Be between 12 and 100 characters long
  • Contain upper and lower case letters
  • Contain numbers
  • Contain special characters eg ! $ # % @ +
  • Not contain any of these characters: “ < > ‘ & £
  • Not contain part of your name or surname
  • Not contain part of your username
  • Not reuse a previous password

Your computer and devices

Most web browsers and devices offer to store your usernames and passwords to make it easier to sign in to services. Some also let you see the passwords you’ve used.

The downside of this is that anyone who can access your device can get into all your accounts as easily as you can.

This means it is essential that you use a strong and different password to lock your device.

Always lock your device when you leave it unattended.

Read more on using your own devices.

Multi-factor authentication (MFA)

MFA is where you use more than one method to prove who you are when signing in. This can be entering a unique code in addition to your password.

You should use this whenever it is offered, especially for social networks and email.

Remembering and sharing passwords

Never write down your username and password together.

Passwords should never be in a format that anyone else can interpret. Keep them away from your device. You could use an encrypted password vault.

If you need to share a password with someone, never send it by email. Use a private message service like WhatsApp in a way that is not connected to your username. Ask them to delete the message once they have used it.