There are basically two ways in which an IT criminal can access a password and your data:

  • by asking for it
  • by attempting to access it

In order to make it more difficult for an IT criminal to access passwords and data, AU places certain requirements on the length and complexity of passwords for, for example, AU computers and the university’s IT systems.


  • Passwords must be strong. You must ensure that your password can not be guessed easily. Some systems will automatically ensure that certain minimum requirements are met, on others you must choose something sensible yourself. 
  • A password must contain at least twelve characters. Longer passwords may be required for privileged access, for access to sensitive information or to mission-critical systems.
  • A password must contain combinations of at least three of the following categories: uppercase letters, lowercase letters, numbers and special characters. 
  • Do not use user names or dates as part of a password. 
  • A password must be changed regularly.

Create strong passwords and avoid sharing your data with strangers.