Changing your Password

Jump to JCU Password Rules

You must change the initial password that has been allocated to you. Below is a link to the web page for changing your password.

When you go to the web page, dependent on your browser you will receive dialogue boxes containing phrases like "You have requested a secure document" or "security alert". Don't be concerned by this. It means that you are going to a secure page - It's very important that your password remain secret. Press "Continue" (if using Firefox) or "OK" (if using Internet Explorer).

In order to change your password you must login using your JCU username and current password. If you don't know or have forgotten your username and/or password, or have been locked out by failed attempts please contact Infohelp who will be able to assist you with resetting your JCU computer account password.

Before attempting to change your password please read the following information which will provide you with advice on choosing a safe password and a list of rules which must be followed to create a valid password on the JCU system.

Change your Password

Note: Passwords can only be changed or reset once per day and accounts are locked out of the system for an hour should there be 3 failed login attempts.

Choosing a Safe Password

The importance of picking a good, secure password can't be emphasised enough. Your password is the way the computer verifies that someone logging in is really you, so pick something that cannot be guessed by others. The top reasons people gain unauthorized access to a password protected system is: they guessed someone's password, often because they found it on a piece of paper next to the victim's computer or because they saw the person type the password in, but also because they use software programs that are VERY good at guessing common passwords.

The Basics

The Following guidelines will guard against someone finding out your password and gaining unauthorised access to your account:

  1. Make your password as long as possible. The longer it is, the more difficult it will be to attack the password with a brute-force search. Passwords must be a minimum of 8 characters long and should be 11 or more.

  2. Use as many different characters as possible when forming your password. Use numbers, non-alphanumeric characters and mixed upper and lower-case letters. Choosing characters from the largest possible alphabet will make your password more secure.

  3. Do not use personal information in your password that someone else is likely to be able to figure out. Obviously, things like your name, phone number, date of birth and address are to be avoided. Even names of acquaintances and the like should not be used.

  4. Do not use words, geographical names, or biographical names that are listed in standard dictionaries.

  5. Never use a password based on your username, account name, computer name or email address.

  6. Don't ever be tempted to use one of those common passwords that are easy to remember but offer zero security. e.g. "password", "letmein" or key sequences that can easily be repeated. e.g. "qwerty123","asdf1234" etc.

Tips for a strong password

  1. Make your password long – 8 characters is the minimum, 10 characters is good, and 15 characters is excellent. 15 is really desirable for high-level security, because 15 is a special number in Microsoft Windows. At 14 characters and less, Windows passwords are scrambled as “hashes” (encrypted into unseen scrambled characters), and stored in hidden Windows system files. It is possible for a gifted hacker to access those stored hashes and unscramble your passwords. However, Microsoft Windows no longer stores hashed passwords at 15 characters and longer. Yes, it is annoying to type 15 characters just to log into your account, but your account security warrants the effort.

  2. Start designing the password with a memorable, meaningful phrase - then make it complex by adding numbers and special characters. Here is how you do it:

  • Pick a word or multi-word phrase that is meaningful to you.

  • Mix one or two letters to be upper case.

  • Then change one or two letters to be numbers.

  • Then for the sneaky twist: insert one or two non-alphanumeric characters. The beginning or end of the password is easiest for memorisation purposes. Examples include: !,*, $, &, or #.

  1. I t is a good habit to change or rotate your passwords on a regular basis, every 4 to 6 weeks.

  2. Do not store your password on paper or with storage software, please avoid password-keeper programs that claim to make your life easier. It is better to memorise a password whenever possible. Never keep your passwords on a piece of paper under the keyboard or in your wallet. Do not keep them in your PDA either; if you must store your passwords at all, keep the passwords’ hints instead.

JCU Password Rules

Your password must meet the following conditions to be accepted as valid:

  • Minimum length of 8 characters

In addition, ALL of the following character rules must also be met:

  • Must contain at least 1 number (0 - 9)

  • Must contain at least 1 uppercase character (A - Z)

  • Must contain at least 1 lowercase character (a - z)

A password will be deemed invalid if it contains any of the following:

  • Cannot contain either your login id or elements of your email address or name

  • Cannot contain spaces

  • Cannot contain these characters %, [, ]

  • No more than 3 repetitive characters ( e.g. aaa is valid, but aaaa is not)

Password Strength Tool

Test the strength of your passwords. This test cannot confirm if your password contains a name or a dictionary word, so your password may still be rejected even if it appears green on this test. Enter a password in the text box below to have the Password Strength Tool help determine its strength, and validity, as you type.

Test Password:

If you receive an invalid result then the password you have entered violates one of the JCU password rules as outlined above. Please review the password against the above rules and make the necessary changes to ensure that it conforms to JCU's password rules.

Note: This tool is provided to assist you in gauging the strength of your password. It is for personal reference only and does not guarantee the security of the password itself. The Password Strength tool does not collect, store, or transmit information beyond the computer that you use to access it on.

When can I use my Password?

The password change will take effect on most JCU systems within a few minutes and be fully synced within the hour.

If your new password still won’t allow you access after 2 hours then please contact InfoHelp for assistance.

Once your password has been synced across all systems you will be able to use the new password to log into the GATCF Labs, email, LearnJCU, NetAccess and Students/Staff Online.

Forgotten Passwords and Disabled Accounts

If you have forgotten your password or your account has been disabled you need to contact InfoHelp.

A temporary password will be issued to you upon verification of your identity which MUST be changed immediately following the guidelines mentioned above.

NOTE: Your login ID and password security are your responsibility; see Account and Computer Security No JCU computer system or university staff member can tell you your current password. All passwords are encrypted and any identifying information for password change requests are destroyed.