IT Services passwords

VPN service upgrade

If you use the Oxford VPN, please note that there is a VPN (virtual private network) replacement project. After the upgrade on 26 April 2023, access will be via the Cisco AnyConnect Client only, and login will be via Single Sign-On (SSO).

Sign in to VPN before 26 April to ensure it is updated. Older versions will be automatically updated between 14 March and 4 April, newer versions from 4 April.

 

The Information Security team provide guidance on creating strong passwords.  GCHQ also provide further advice in their password guidance document.

Login to a service.

For specific rules for each account password, please see the relevant sections below.

 

Expand All

Multi-factor authentication (MFA) is being implemented for customers of Single Sign-on (SSO) across the University. Anyone with a Single Sign-On account will be expected to adopt multi-factor authentication. This will include:

  • Second factor – A second step will be added which involves customers receiving a code (e.g. via a mobile, landline or text message) or generating a code using the mobile app (this requires no mobile (4G etc.) or Wi-Fi connectivity to their mobile device) clicking approve and entering the code into the required field when prompted. Once the second factor is activated, the requirement to enter a code will depend on individual circumstances such as devices, settings and location, and so most users will rarely be prompted.
  • Help and guidance is available for setting up Multi-factor authentication.

Your SSO password is used to access a number of services including:

Further SSO details can be found on the Oxford Username and Single Sign-On page.


Password rules

The rules the Single Sign-On password must follow are that it:

  • is a minimum of 16 characters.
  • must not be a dictionary word or a name.
  • must be different from, and not based upon, your Oxford username.
  • must not be a previously used password.
  • must differ from the previous password by at least three characters.
  • must contain at least 5 different characters.

Change your password / Reset a forgotten password

Your SSO account password has a lifetime of one year.  You will start to be prompted to change it three weeks before it is due to expire.

  • If you know your old password you can use it to set a new password.
  • If you have set your security questions you can reset a forgotten password.
  • If you have not done so already, you are strongly encouraged to set your security questions.
  • If you have forgotten your password and have not set security questions, or provide 3 incorrect responses to your security questions, you will need a rescue code.
  • Your local IT Support Staff can provide you with a rescue code.
  • The central IT Service Desk can send a rescue code to your registered alternate email address, or by University messenger to your primary college or departmental address.

To log in, use your Oxford username in the format of abcd1234@OX.AC.UK

A Remote Access account is used to access:

  • the eduroam WiFi service.
  • the VPN (Virtual Private Network) service.

To use Remote Access, you use your Oxford username and your Remote Access password.  A Remote Access account can be created or the password changed through the Self-Registration pages, with any status queries clarified on the card entitlements page.

Further details can be found on the Remote Access Account page.


Password rules

The rules the Remote Access password must follow are that it:

  • must include at least one character from three of the following:
    • Lowercase letters (a-z)
    • Uppercase letters (A-Z)
    • Digits (0-9)
    • Punctuation characters (such as &'^!."[,]-+)
  • must contain between 10 and 24 characters.
  • must contain at least five different characters.
  • must not contain backslashes, backticks, spaces, single quotes or double quotes.
  • must not be a dictionary word or a name.
  • must not be a subset or superset of your current password.
  • must not be based on your SSO username.
  • must not be the same as your SSO password.

Change your password

Your Remote Access password's expiry date is set to your University card's current expiry date whenever the password is changed.

  • Your Remote Access password can be created or updated through your Self-Registration pages.
  • The new password will become active within 15 minutes.

An OpenScape account is used to access:


Password rules

The rules the OpenScape password must follow are that it:

  • must contain at least one character from each of the following:
    • Lowercase letters (a-z)
    • Uppercase letters (A-Z)
    • Digits (0-9)
    • Punctuation characters (such as &'^!."[,]-+)
  • must contain between 8 and 32 characters.
  • must not contain spaces, single quotes or double quotes.
  • must not contain any character more than three times in succession.
  • must not be the same as your SSO password.

Change your password

Your OpenScape password can be changed or reset your through your Self-Registration pages (this will also show you your username for the service).

    A Chorus voicemail password is used for:

    • the Chorus telephone system's voicemail service.

    Password rules

    The rules the Chorus voicemail password must follow are that it:

    • must only include following characters:
      • Digits (0-9)
    • must contain 6 digits.
    • must not contain more than three of the same digit.
    • must not be in a sequence.

    Change your password

    Your Chorus voicemail password can be changed or reset your through your Self-Registration pages.

    An HFS backup password is used for:

    • the HFS backup client.

    Password rules

    The rules the HFS backup password must follow are that it:

    • must contain at least two characters from either of the following
      • Lowercase letters (a-z)
      • Uppercase letters (A-Z)
    • must contain at least one character from either of the following:
      • Digits (0-9)
      • Plus, period, underscore, hyphen or ampersand characters (+._-&)
    • must contain between 10 and 63 characters.

    Change your password

    HFS backup client passwords expire 190 days after being set.

    • Your HFS backup password can be changed through the HFS Portal.

    To log in, use your Oxford username (without @OX.AC.UK after it)

    A CONNECT account is used to access:


    Password rules

    The rules the CONNECT account password must follow are that it:

    • must contain at least 16 characters.
    • must not have been used as one of your previous 24 passwords.

    Change your password

    Your CONNECT password will need to be changed every 12 months.

    For advice on accessing computers or facilities on your college or departmental computer network, please contact your local IT support teams.

    Please see the login to a service page, which details what password you need for a number of services and accounts.  If IT Services do not directly support the service there will be a link to the team that does.

    There is information available on passwords used at the Bodleian Libraries.