Murdoch passwords

Your password must be between 8 and 30 characters and include:

• at least one upper case alphabetic character (A-Z)
• at least one lower case alphabetic character (a-z)
• at least one numeral (0–9) or special character (*|+#) but not an ampersand (&) or double quotes (").

Your password must not:

• match any previous passwords
• include any characters occurring more than four times
• include alphabetic or numeric sequences of three or more characters (e.g. abc, 123)
• include keyboard sequences of three or more alphabetic characters (e.g. qwerty)
• include six or more sequential characters from your Murdoch username
• include three or more sequential characters from any part of your name
• include your date of birth.

Create a passphrase

Use symbols and numbers to replace some of the letters, to make a passphrase that is both strong and easy to remember. For example, "gibsonplayauthentic" can be rewritten as "gibs0nplay@uthentic".

Don’t use any of the following, spelled either forwards or backwards:

• names of anybody or anything associated with you (e.g. family, friends, pets)
• numbers associated with you (e.g. birth date or year, phone number, license plate number)
• words found in an English or foreign language dictionary
• place names
• proper nouns

or any of the above followed or preceded by a single numeric character and a single special character.

Don’t share your password or write it down

Your password should remain private. Do not share it with anyone, write it down or store it in an email or text file.

Use a password manager

Install a free, open-source password management tool like KeePass or Bitwarden to help generate, manage and store your passwords securely.

Don’t use 'Remember Password' option

Passwords saved to your computer or browser are a security risk, as they may be accessed by others from your computer or through attacks on outdated browsers.

Change your password frequently

It is recommended that you change your password for critical systems and accounts, including your Murdoch account, every 90 days.

Don't reuse passwords

MFA is an effective cyber security measure that is widely used to protect IT systems and data from unauthorised access - you may already be familiar with MFA as it is commonly used to protect online banking and social media accounts. As cyber security threats become more sophisticated and frequent, relying on passwords alone is not enough. In addition to your username and password, MFA requires you to provide another form of authentication to verify your identity prior to granting you access to your online account. Authentication is often done using a one-time, time-sensitive verification code that is sent to you via SMS text message or an authentication app.

Whilst hackers can obtain passwords through techniques such as brute force attack and phishing, it is harder for them to gain physical possession of your mobile device. Since MFA requires a second form of authentication via your mobile device, MFA makes it harder for hackers to gain unauthorised access of your MU account, MU systems and the data that is stored in our systems (which includes personal information of our staff and students).

From time to time, you will be prompted to verify your identity when attempting to log in to an MU system. This verification process is called authentication, and it is how MFA helps to protect our digital environment from unauthorised access. Authentication is often done by number matching – a verification code is sent to you via the Microsoft Authenticator app or SMS text message, and you will need to enter this verification code into the sign-in pop-up to be granted access to your MU account. 

Please refer to the  Authenticate using the App guide to learn how to authenticate with or without mobile or internet (Wi-Fi) reception using the Microsoft Authenticator app (the App). If you have not set up the App and often experience poor mobile reception, we recommend that you follow the App setup instructions to start using the app for MFA.

MFA will be automatically enabled on your MU account. After you set your initial MU password, we recommend that you set up MFA to ensure that you are prepared and to avoid any inconvenience when you are prompted to authenticate the next time you attempt to access the University’s online services. MFA Setup is simple and can be done at home or on-campus, please follow the MFA Setup Instructions.

After arriving in Australia, you may choose to obtain an Australian mobile number. It is important that you update your MFA setup so that you can continue to authenticate and access the University’s online services. To do this, please follow the step-by-step instructions in the Updating MFA Setup Guide.

Using the Microsoft Authenticator app (the App) for MFA is optional, however we recommend the App because it is a more convenient and secure way to authenticate than the SMS verification code method. This is because SMS messages can be intercepted by hackers, whereas intercepting the App is difficult as hackers would need to gain physical possession of your mobile device and pass security measures to open the App. Using the App is also more reliable as you do not need mobile reception or internet (Wi-Fi) connectivity to authenticate.

If you are currently using SMS verification codes to authenticate and would like to use the App for MFA, please follow the step-by-step App Setup instructions. To find out how to authenticate using the App with and without mobile or internet connectivity, please refer to the Authenticate using the App guide.

Our MFA Frequently Asked Questions page has further information on MFA, up to date advice and step-by-step instructional resources.