Password Policy


Policy Statement

Passwords are an important aspect of computer security. A poorly chosen password may result in unauthorised access and/or exploitation of University resources. All users, including contractors and vendors with access to University systems, are responsible for taking the appropriate steps to select and secure their passwords.


The purpose of this policy is to establish a standard for creation of strong passwords, the protection of those passwords, and the frequency of change.


Users must note that passwords are for their own personal use and must not be shared or disclosed to anyone. It is an offence under the Computer Misuse Act 1990 to access or attempt to gain access to a computer system or computer material to which one is not entitled.

It is a breach of this Policy for any user to misuse their own or other user’s password. If any such misuse results in a user knowingly elevating their system privileges above those that they have been authorised to use then this will be considered an act of gross misconduct.

Password management procedures are in place to ensure the implementation of the requirements of the information security policies to assist both staff and students in complying with best practice guidelines.


The University of Derby will view misuse of its systems extremely seriously. Disciplinary action in line with existing procedures will be taken. The University of Derby reserves the right to refer to the police any behaviour suspected of being of a criminal nature.


This policy applies to any person who uses the University’s IT systems.

Where the policy refers to “user” this means all members of staff employed by the University, students, work placements, or any person providing a service to the University under a contract.

This statement should be read in conjunction with these Policies and Statements of Best Practice:-

  1. Personal Information Promise
  2. Information Security Policy
  3. Data Code of Conduct
  4. Acceptable Use Policy
  5. Guarding your privacy


Have more questions? Submit a request


Powered by Zendesk