Set up your password
When you start at Murdoch you need to set up your password. To ensure your new password meets the requirements and is secure, refer to create a strong password.
You will be prompted to set up your Murdoch password when accepting your offer to study at Murdoch. Details of this process are included in your offer letter.
If you are a Murdoch staff member or contingent work (contractor, etc.) you can create your Murdoch password using the password reset. This process will send a code to your mobile and/or personal email address (that you have registered with HR) that you can then use to change your password. If you need to update your mobile and/or personal email address please do these via myWorkday or contact People & Culture via Murdoch Support.
Self-service password reset
The first time you log in to a Murdoch system, you will be asked to provide some additional information to allow you to reset your password if you forget it.
Change or reset your password
Changing your password regularly helps keep your account and personal details secure. To ensure your new password meets the requirements and is secure, refer to create a strong password.
Change your password
If you know your current password, you can change it at any time.
Creating a strong password
Passwords help protect you against identity theft. It is important that passwords are complex enough that they cannot be easily guessed, and that they are changed frequently.
Your password must be between 8 and 30 characters and include:
- at least one upper case alphabetic character (A-Z)
- at least one lower case alphabetic character (a-z)
- at least one numeral (0–9) or special character (*|+#) but not an ampersand (&) or double quotes (").
Your password must not:
- match any previous passwords
- include any characters occurring more than four times
- include alphabetic or numeric sequences of three or more characters (e.g. abc, 123)
- include keyboard sequences of three or more alphabetic characters (e.g. qwerty)
- include six or more sequential characters from your Murdoch username
- include three or more sequential characters from any part of your name
- include your date of birth.
Create a passphrase
Use symbols and numbers to replace some of the letters, to make a passphrase that is both strong and easy to remember. For example, "gibsonplayauthentic" can be rewritten as "gibs0nplay@uthentic".
Don’t use any of the following, spelled either forwards or backwards:
- names of anybody or anything associated with you (e.g. family, friends, pets)
- numbers associated with you (e.g. birth date or year, phone number, license plate number)
- words found in an English or foreign language dictionary
- place names
- proper nouns
or any of the above followed or preceded by a single numeric character and a single special character.
Don’t share your password or write it down
Your password should remain private. Do not share it with anyone, write it down or store it in an email or text file.
Use a password manager
Install a free, open-source password management tool like KeePass or Bitwarden to help generate, manage and store your passwords securely.
Don’t use 'Remember Password' option
Passwords saved to your computer or browser are a security risk, as they may be accessed by others from your computer or through attacks on outdated browsers.
Change your password frequently
It is recommended that you change your password for critical systems and accounts, including your Murdoch account, every 90 days.
Don't reuse passwords
Multi-Factor Authentication (MFA)
At Murdoch University, we are proactive about strengthening our digital security to protect not only your personal information but our systems and data. MFA provides an extra layer of protection, in addition to your password, against cyber-attacks and identity theft.
When you start at Murdoch you will need to set up MFA and, from time to time, you will be prompted to authenticate when attempting to access an MU system. You are able to set up MFA using your computer or mobile device. Please follow the instructions below according to your preference:
Multi-Factor Authentication (MFA) is a security feature that provides an extra layer of security to your online accounts. In addition to your username and password, MFA requires you to provide another form of authentication prior to granting you access to your account. Common authentication methods involve entering a verification code via text message or authentication app.
Whilst hackers can obtain passwords through techniques such as brute force attack and phishing, it is harder for them to gain physical possession of our mobile devices. MFA requires us to provide a second form of authentication (in addition to our passwords) via our smartphone or mobile device. Therefore, by making it harder for them to gain unauthorised access of your online account, we in turn make it harder for them to access MU systems and data.
Using the Microsoft Authenticator app (the App) for MFA is a more convenient and secure way to authenticate than by the SMS code verification method. This is because SMS messages can be intercepted by hackers, whereas intercepting the App is difficult as hackers would need to gain physical possession of your mobile device and pass security measures to open the App. If you are currently using SMS code to authenticate, please follow the App setup instructions to start using the App for MFA.
It is not mandatory to use the App for MFA, and you can continue to MFA via SMS code. Please note however, that you will be reminded to set up the App at each MFA prompt. We strongly encourage you to use the App as it provides better security. If you are currently using SMS code to authenticate, please follow the App setup instructions to start using the App for MFA.
- Using the Microsoft Authenticator app - You do not need mobile reception or internet (Wi-Fi) connection on your mobile phone to authenticate using the app. Please refer to the How to Authenticate using the App guide for step-by-step instructions on how to authenticate with or without mobile connection. Please note however, that you do need internet connection to set up the App as your default MFA method – to do this, simply follow the App setup instructions when you have mobile or internet connection restored on your mobile device.
- Using SMS verification code – Unfortunately you cannot authenticate by SMS verification code without mobile reception, please contact the IT Service Desk via Murdoch Support, or email to email@example.com. We strongly encourage you to set up the App as your default MFA method by following the App setup instructions when your mobile or internet connection restored on your mobile device.
Once you have set up MFA, from time to time, you will be prompted to verify your identity when attempting to log into an MU system. This verification process is called authentication, and it is how MFA helps to protect our digital environment from unauthorised access. The How to Authenticate using the App guide details how to authenticate with or without mobile or internet (Wi-Fi) reception using the Microsoft Authenticator app. If you have not set up the App for authentication, please follow the App setup instructions.