How to manage your SSO password

The email or letter which is sent out following the allocation of an Oxford Single Sign-On account username includes an Activation Code, for example ABCD-EFGH-IJKL.

The Activation Code has a limited lifetime (specified in the email or letter) during which you must activate your new account via the web page at: https://webauth.ox.ac.uk/activate. If you don't activate your account within this time, you can contact IT Services Central Service Desk.

When you go to the webpage, you will be asked to fill in some personal details and then include either your university card number or student number.  You will then be asked for your Oxford username and Activation Code.

To complete the activation process, you will need to set up a Security Question and Answer and then use these to set a new password.  Oxford Single Sign-On accounts have a self-service password reset facility - this lets you choose a new password if you ever forget the old one, or if you let it expire. The reset facility uses a secret security question (e.g. "nickname of my favourite teacher") and answer (e.g. "frankystein") that you set up as part of the account activation process. To set up a security question and answer, follow the instructions at https://webauth.ox.ac.uk/security_question

The security question should be carefully chosen. The answer should be easy for you to remember but very hard for anyone else to find out or guess. You should avoid using information that could be obtained from publicly available records or web sites such as Facebook. Obscure trivia from your childhood often provides good material. You can also try to make the question a little cryptic, so long as you will understand it in a year or two's time.

Here are some examples of good security questions:

  • "My favourite teacher's nickname" (e.g. "frankystein")
  • "The registration of my dad's first car" (e.g. "ABC123G")
  • "Where my mum and dad met" (e.g. "Skegness pier")
  • "Sammy's passion" (e.g. "spaghetti hoops")

Some examples of poor security questions:

  • "My favourite colour" (too few possible answers so easily guessable)
  • "My favourite movie" (may well have changed by the time you need to use this facility)
  • "Our Anniversary" (too many different ways to enter the date)

Once you have set a security question successfully, you will be shown a confirmation screen.

When you activate your account, or if you ever forget your password, you can set a new one by following the instructions on the web page at: https://webauth.ox.ac.uk/reset_password. After supplying your personal details, you will be asked for the answer to your security question. If you answer correctly, you will then be able to set a new password for your account, which will need to be a minimum of 16 characters. If you give three wrong answers, the system will lock you out and you will need to get a Rescue Code from your Local IT Support.

Once you have answered your security question successfully, on the next screen, type in the new password for the account. Repeat the password in the second box. This is to confirm your typing because your password is not shown on the screen.  If you do not set a suitable password, the system will reject it and ask you to try again.

After the system has accepted the new password you will see a confirmation screen. You can now use your new password to access your account.

If you have never set a security question, or have forgotten what the answer is, you will need to contact your local IT Support or the IT Services Central Service Desk for a Rescue Code. The Rescue Code, which has a lifetime of seven days, allows you to reset your security question and answer.  Once done, you will then be able to reset your password using the newly-set security question and answer.

Once your Single Sign-On password is set up, you will be required to set up multi-factor authentication (MFA).

This is a second step which involves customers receiving a code (e.g. via a mobile, landline or text message) or generating a code using the mobile app (this requires no mobile (4G etc.) or WiFi connectivity to their mobile device), clicking approve, and entering the code into the required field when prompted. Once the second factor is activated, the requirement to enter a code will depend on individual circumstances such as devices, settings and location, and so most customers will rarely be prompted.

You will need to change your password at least once a year, or earlier if you suspect that anyone else may know it. This can be done by following the instructions at https://webauth.ox.ac.uk/password by giving your username and existing password.

Enter your account name and password in the 'Oxford username' and 'Old password' boxes. Then choose a new password, type it into the 'New Password' box, and repeat it in the 'Re-enter new Password' box. This is to confirm your typing because your password is not shown on the screen. You will see the rules on password selection on the right-hand side of the screen. Once you are happy that you have typed your new password correctly in both boxes, click the 'Change Password' button.

If you have chosen a suitable password then the system will accept the new password and you will see a confirmation screen. You can now use your new password to access your Single Sign-On account. If you do not set a suitable password, the system will reject it and will return you to the previous screen to try again.

If you cannot remember your existing SSO password, or have forgotten or not set your security questions and answers, then you will need to ask your local IT for a rescue code.

You can also ask Service Desk for a rescue code by completing a request for help.
