Password Management

Password Change

To change your Liverpool Hope account password, simply visit the following webpage: https://myaccount.microsoft.com/hope.ac.uk

Self-Service Password Reset

If you've registered the Microsoft Authenticator app and your phone number with your Liverpool Hope IT account, you can unlock your account or reset your password using the Self-Service Password Reset feature.

If you're unable to use Self-Service Password Reset, you can request a password reset or account unlock by visiting the IT Service Desk in person with your ID card, or by emailing itshelp@hope.ac.uk

Forgot Password

• Open a web browser and go to: https://passwordreset.microsoftonline.com
• Enter your username in UPN format (e.g., username@hope.ac.uk) and complete the CAPTCHA, then select Next.
• On the "Trouble signing in" page, choose the option "I forgot my password", then select Next.
• For verification step 1, select the option to receive a text or call, enter your phone number, and follow the on-screen instructions.
• For verification step 2, choose either "Approve a notification on my authenticator app" or "Enter a code from my authenticator app", then follow the on-screen instructions.
• If both verification steps are successful, create a new password.

Account Unlock

• Open a web browser and go to: https://passwordreset.microsoftonline.com
• Enter your username in UPN format (e.g., username@hope.ac.uk) and complete the CAPTCHA, then select Next.
• On the "Trouble signing in" page, choose the option "I know my password, but still can't sign in", then select Next.
• For verification step 1, select the option to receive a text or call, enter your phone number, and follow the on-screen instructions.
• For verification step 2, choose either "Approve a notification on my authenticator app" or "Enter a code from my authenticator app", then follow the on-screen instructions.
• If both verification steps are successful, your account will be unlocked.

Password Rules

To ensure the security and integrity of systems, data, and applications, all users must adhere to the following password guidelines.

Password Structure Requirements:

• Minimum Length: Passwords must be at least 12 characters long (14 without MFA).

• Complexity Requirements: Passwords must include a combination of:

  • Uppercase letters (A-Z)

  • Lowercase letters (a-z)

  • Numbers (0-9)

  • Special characters (e.g., !, @, #, $, %, ^, &, *)

Recommended Use of Passphrases:

• Passphrase Preference: Whenever possible, use a passphrase instead of a traditional password. A passphrase is a sequence of words or a memorable sentence that is long, random, and hard to guess. For example:

  • "BlueSkiesAreShiningBright!"

  • "CoffeeLover23@MorningSun"

  Passphrases should:

  • Use a combination of words and special characters to make the passphrase more complex.

  • Avoid using common phrases or predictable patterns (e.g., "ILoveMyDog123!").

Prohibited Password Elements:

• No Personal Information: Avoid using easily guessable personal information (e.g., names, birthdates, usernames, or addresses).

• No Repeated or Sequential Characters: Do not use patterns such as "12345" or "abcd".

• No Common Words: Avoid common passwords like "password", "123456", or "qwerty".

Password Management Guidelines:

• Do Not Reuse Passwords: Passwords should be unique for every account. Reusing passwords across multiple sites increases the risk of account compromise.

• Regular Updates: Change passwords or passphrases every 90 days, or immediately if there is a suspicion of a breach.

• Do Not Share Passwords: Passwords must not be shared with others.

Multi-Factor Authentication (MFA):

• Enable MFA: Always use multi-factor authentication (MFA) where available, especially for critical accounts or systems. MFA adds an additional layer of security, making it harder for unauthorised users to gain access, even if a password is compromised.