A strong password is key to your digital safety and will help to protect you and your information. Weak passwords can easily be cracked by tools used by cybercriminals, leaving data exposed and subject to malicious attack. Once a cybercriminal has cracked your password, they may also expose your identity, gaining access to bank accounts or even obtaining bank credit in your name without your knowledge.

Your RMIT password unlocks a wide range of systems and applications that provide access to research data, intellectual property and confidential information. It is important that access to the data is only available to authorised users.

The ABC of a strong password

  • A unique RMIT password. Your RMIT password must be solely for RMIT authentication and must never be used to access any other application. If one of your personal accounts is compromised, cybercriminals won’t be able to use that password to access any of your other applications/services or your RMIT account.
    • Avoid using predictable patterns, common phrases from movies, a single word from the dictionary (a combination of four unassociated random words is OK), predictable number or alphabetic sequences and known personal facts such as your date of birth, family member names and place of birth.
  • Letters, characters, numbers. Use 8-25 characters with letters, characters, symbols and numbers. Longer equates to stronger.
  • Make a ‘passphrase’. Choose your favourite song, movie, poem or a random sentence. Recall the first one or two sentences. Take the first letter of each word, swap any letter ‘o’ or ‘z’ for numbers and add in a few symbols and you will have a unique password. For example, a phrase like “The Dees will win the Grand Final by 10 points!” might become “TheDee5willwintheGFby10pt5!”. It’s an easy-to-remember, long, secure password that’s hard to crack.
  • Don’t share your password. Never share your password. Don’t write it down.
  • Change a default password immediately. Never leave your password as the default password. Change it as soon as possible.
  • Don’t ‘save your password’. Decline prompts to ‘save your password’. This means that if your device is compromised, cybercriminals won’t have automatic access to other systems and applications you use.
  • Use a password manager. A password manager is an application you can install on your devices that will help you to generate, manage and store your passwords securely, making it easy to have a different password for every application you use. You only need to remember a master password and the application takes care of the rest.

Been hacked?

  • Change your password immediately if you think it has been breached.
  • Alert me tool. The website ‘haveibeenpwned.com’ has a great feature called ‘Notify me’. If you subscribe to be notified, you will get an alert if any of your email accounts or passwords are compromised. It will also tell you where the breach occurred so you can quickly change your passphrase. Go to: haveibeenpwned.com.

Set up self-service password reset (SSPR)

By having SSPR set up on your RMIT account login, you will be able to reset your password from anywhere on any device.