Important changes to passwords
If you haven’t changed your password since 13 August 2018, you need to change it now.
If you changed your password after 13 August, you don’t need to change it again.
Already registered for MFA (multi-factor authentication)?
You still need to change your password if you haven’t done so since 13 August.
Once you’ve done both of these things, your password won’t expire.
How to change your password
New password rules require stronger passwords. Check the tips below for how to create a strong password that won’t be rejected.
When you’re ready to update it, go to change my password
Choose either a long and simple password or a short and complex one (less than 13 characters).
- A passphrase (more than 13 characters) is a sentence or several random words like, ‘I like swimming’. You don’t need to include special characters and you can include spaces.
- Or use a combination of special characters (at least eight) including at least three of the following:
- upper case letters
- lower case letters
- Use your username or part of your name in your password.
- Add numbers or symbols to passwords the system has already rejected (like replacing an s with a $, or an a with a @). The system will recognise the password you already tried and will keep rejecting it.
All attempts at setting passwords by Monash users, are checked against a database of 600 million stolen passwords. If you try to use a password that’s found in this database, it will be rejected to keep your account and the University secure.
Keeping your password safe
Monash University will never ask you for your password. Any emails you receive that appear to be from Monash which request your password are not real and should be deleted.
- Never share your password - you're responsible for keeping your password private. Sharing your password is a breach of the Acceptable Use Policy and can lead to disciplinary action.
- If someone accesses your account using your password, you're held responsible for their actions. A malicious user can have a severe impact by deleting your files, reading private emails, sending offensive or abusive emails, sending spam or entering into financial transactions on your behalf.