Murdoch passwords

Your password must be between 8 and 30 characters and include:

• at least one upper case alphabetic character (A-Z)
• at least one lower case alphabetic character (a-z)
• at least one numeral (0–9) or special character (*|+#) but not an ampersand (&) or double quotes (").

Your password must not:

• match any previous passwords
• include any characters occurring more than four times
• include alphabetic or numeric sequences of three or more characters (e.g. abc, 123)
• include keyboard sequences of three or more alphabetic characters (e.g. qwerty)
• include six or more sequential characters from your Murdoch username
• include three or more sequential characters from any part of your name
• include your date of birth.

Create a passphrase

Use symbols and numbers to replace some of the letters, to make a passphrase that is both strong and easy to remember. For example, "gibsonplayauthentic" can be rewritten as "gibs0nplay@uthentic".

Don’t use any of the following, spelled either forwards or backwards:

• names of anybody or anything associated with you (e.g. family, friends, pets)
• numbers associated with you (e.g. birth date or year, phone number, license plate number)
• words found in an English or foreign language dictionary
• place names
• proper nouns

or any of the above followed or preceded by a single numeric character and a single special character.

Don’t share your password or write it down

Your password should remain private. Do not share it with anyone, write it down or store it in an email or text file.

Use a password manager

Install a free, open-source password management tool like KeePass or Bitwarden to help generate, manage and store your passwords securely.

Don’t use 'Remember Password' option

Passwords saved to your computer or browser are a security risk, as they may be accessed by others from your computer or through attacks on outdated browsers.

Change your password frequently

It is recommended that you change your password for critical systems and accounts, including your Murdoch account, every 90 days.

Don't reuse passwords

MFA is a widely used and effective cyber security measure that protects IT systems and data from unauthorised access.

As cyber threats grow more advanced and prevalent, relying on passwords alone is not enough. MFA enhances security by introducing an additional verification step so that only you can access your account. This verification uses a one-time, time-sensitive code sent to your mobile device by SMS text message or authentication app. For greater security and convenience, we recommend that you use the Microsoft Authenticator App for MFA.

Cyber criminals can obtain passwords through techniques such as brute force attack and phishing, but it is difficult for them to gain physical possession of your mobile device. With MFA requiring authentication via your mobile device, it becomes more difficult for hackers to access your MU account, systems and data.

MFA will be automatically enabled on your MU account. In order to access your MU account and any MU system that you need for your studies or work, you must set up MFA after setting your initial MU password. MFA Setup is simple and can be done at home or on-campus, please follow the MFA Setup Instructions.

If you obtain an Australian mobile number after arriving in Australia, you must update your MFA setup so that you can continue to access your MU online account and essential systems you need for your studies. Please follow the Updating MFA Setup Guide and reach out to our IT Service Desk if you need further assistance

From time to time, you will be prompted to verify your identity when you log in to an MU system. This verification process, known as authentication, is how MFA protects our digital environment from unauthorised access. Authentication requires number matching, where access is granted after you enter a verification code that is sent to your mobile device via the Microsoft Authenticator app or SMS text message.   

MU strongly recommends that you use the Microsoft Authenticator app for its enhanced security features and works even without mobile reception, ensuring you can log in anytime, anywhere. Learn how to authenticate with and without mobile reception using the Verify your identity using the App Guide.

MU recommends that you use the Microsoft Authenticator app due to its enhanced security features, such as biometric verification, and convenience, as mobile or internet reception is not required for authentication. 

You may be required to authenticate via MFA before the start of online exams. Our exam invigilators will guide you through this and any other preparations before your exam starts. More information can be found on the Online Exams page.

• Using the Microsoft Authenticator app - Authentication using the App does not require mobile reception or internet (Wi-Fi) connection. Please refer to the Verify your identity using the App Guide to learn how to authenticate with or without connectivity.  
• Using SMS verification code – Unfortunately you cannot authenticate by SMS verification code without mobile reception, please contact the IT Service for assistance. When your connectivity is restored, we strongly encourage you to set up the App for MFA, by following the App Setup Instructions, so that you can authenticate even without mobile reception.