Passwords

From personal banking to your University account, passwords still play a critical role in protecting our digital lives – but only if they’re strong, unique, and hard to guess. Just like the lock on your front door, your password should be built to keep intruders out. Strengthening this first line of defence is a simple but powerful step we can take to protect our accounts, and the precious information that lives within them.

Photo of student using laptop at Parkville campus

Why it matters

Take a moment to imagine how much damage a cybercriminal could do with the password to just one of your social media accounts. Now think about if they got into something more sensitive – like your bank or myGov account, which holds your tax, health, and other personal government records.

123456

Still the most common password used globally

70 - 80%

Percentage of people who reuse passwords across multiple accounts

46 minutes

How fast a hacker can crack a password made of only six lowercase letters

Creating a secure password

Creating a secure password is simple and can be broken down into three easy steps:

  1. More is more: Aim for at least 12 characters (ideally more than 16). The longer your password, the harder it is for hackers to crack.
  2. Mix it up: Use a combination of upper and lowercase letters, numbers, and symbols to create a password that’s hard to guess. Never use personal information like your birthday, pet’s name, or your favourite footy team. Instead, think of a phrase or line from your favourite book and transform it into an acronym that’s complex but easy to remember.
  3. One of a kind: Use a different password for every account. Reusing passwords is like giving out a master key to your digital life. Reused passwords have led to account breaches in everything from online shopping sites to superannuation accounts.

An example of a creating a strong password using upper and lower case letters, numbers, symbols, and a focus on length (at least 12 characters but ideally over 16)

Your University password

Your University of Melbourne password must meet a strict set of requirements to help keep your account, the University’s information, and its systems secure.

You’ll be guided through these requirements when you set-up or reset your university password, noting that it should be a truly unique password that’s not used for any of your other online accounts.

Keeping track of your passwords

At this point you might be asking yourself “now how am I supposed to remember all those long, unique, and complex passwords?” To which we would reply with two magic words: password managers.

A password manager is a secure, tailor-made tool that helps you create, store, and manage your passwords for all your online accounts. It encrypts your login details and makes them accessible across all your devices, so you don’t have to remember them all. Many password managers also alert you to weak, reused, or compromised passwords, giving you a proactive way to stay protected.

There's lots of options on the market, including some free offerings. A quick search online will help you find one that best suits your needs and budget.

Multifactor authentication (MFA)

Multifactor authentication (MFA) adds an extra layer of security to your accounts by requiring more than just a password to log in. It’s a simple step that can make a huge difference in protecting your accounts from prying eyes.

At the University of Melbourne, we use Okta Verify for MFA which helps keep both your information and the University’s systems secure.

Find out how MFA works at the University and how to set it up

Passkeys

Passkeys are a secure, password-less way to log in to your accounts using biometrics (like your fingerprint or face) on your personal devices.

Besides being convenient and a faster way to log in, they’re also harder to hack because they can't be guessed and much more secure.

While not all websites or services currently offer passkeys, they are becoming more common. Our University multi-factor authentication offers passkeys, however you do need to set up regular Okta Verify MFA first.

Setting up a passkeys on your personal device means it will only work on your personal device and may cause issues logging into University computers. To ensure you can access your University account consistently across all University computers (including lab and library devices) you must set up Okta Verify first, then add your passkey.

Set up your University MFA

More information

News articles