Skip to main content

Accounts, Passwords & Security

IT Service

Accounts, Passwords & Security

The University of Worcester works hard to secure your devices, data, infrastructure to create a safe secure learning experience but security starts with you:

  • Make sure your personal devices use memorable complex passwords
  • Lock your device if not using it
  • Use OneDrive for Business to store your personal work files
  • Store all business-critical data using SharePoint or the O: Drive
  • Beware of phishing emails, if you are unsure if an email is legitimate contact us
  • Beware of scams – if you suspect anything, contact us directly for advice
  • Only click on links from trusted sources. Malicious email links can infect your computer or take you to web pages designed to steal your information.  If you feel something isn’t right, don’t risk it
  • Never open unsolicited or unexpected attachments. Malicious attachments can infect your computer. If you cannot verify an attachment is legitimate, delete it
  • Delete all suspicious email immediately. Do not forward it to colleagues or to the IT Service
  • If you lose your device or if its stolen report it to us immediately

Please refer to the University’s Information Security webpage and the IT Regulations for further information.

Security Frequently Asked Questions

IT Service user accounts

Staff account

When you become an employee at the University of Worcester you will be issued with a username/password and an associated e-mail address. this will enable you to utilise the University IT Services including PCs, Wi-Fi, and printers, along with access to key resources and services.

Staff Account Frequently Asked Questions

Affiliate staff account

Staff who do not work directly for the University such as volunteers, partners and external examiners can request an affiliate staff account, this account will give limited access to University Services. Affiliate staff access should be requested by a member of staff at the University who is linked with the external party.

Guest account

Guest accounts can be setup for visitors to the University who may require access to the PCs on-campus for a temporary period of time.

Please log a help ticket on our self-service portal containing the following information:

  • The time period the guest account is required, start and end date
  • Name of the person who will be using the guest account
  • If the account needs to be filtered i.e. if a child will be using it
  • Will access to Office 365 be required?

Guest Account Frequently Asked Questions

Password guidance

You should immediately change your password from the one generated by IT so that only you know it.

Your University account password should be strong and different from all your other passwords. This will make it harder to crack or guess. Using 3 random words is a good way to create a strong, unique password that you will remember.

For example:

On Christmas Day in 1983 I got Star Wars presents so:


When setting your password, the system will not let you change it if it can be easily guessed so make sure you have at least 12 characters, a number, and a capital letter.

Password Guidance

I think my account is compromised, what do I do?

Multi-Factor Authentication (MFA)

MFA – Multi-Factor Authentication combines the use of your account password and mobile device to create a double layer of security. This increases the level of security on your university account, protecting against the loss of personal, sensitive data from people with malicious intent.

Once MFA is set up you will be asked to use authorise access to your account whenever you access university systems off campus.

This also means we’re making it easier than ever for you to reset your password if you ever forget it. You can now reset, unlock, or change your password without having to contact us!

MFA Frequently Asked questions


Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking, and credit card details, and passwords.

The information is then used to access important accounts and can result in identity theft and financial loss.

Generally, emails sent by a cybercriminals are masked so they appear to be sent by a business whose services are used by the recipient, they often sound too good to be true or have a sense of urgency, some may also ask you to click on a link or attachment.

Please remember we will never ask for personal information via email or suspend your account if you do not update your personal details within a certain period of time. Also never click on a link or an attachment if you do not know who sent it to you, if you are unsure play it safe and contact us first.

Phishing Frequently Asked Questions

Protecting emails and documents

Rights Management Services (RMS)

Rights Management Services (RMS) is an encryption technology that can be used to protect individual files and emails. It allows staff to protect documents by applying access permissions and expiry dates. 

RMS is intended to be used with highly sensitive documents and where granular permissions and document expiry dates must be applied. However, it is important that RMS protection is applied only when necessary as overuse of this technology could result in legitimate access to documents being accidentally denied. 

Learn more about Rights Management Services

OneDrive file security

OneDrive features robust permissions management options that allow you to securely share your files and folders with colleagues and external partners whilst only providing the desired level of access. We recommend that you regularly audit your sharing permissions and remove access where it is longer required. 

Learn more about OneDrive

Portable storage

Portable storage devices are devices that connect to the USB port of a computer and are used to store and retrieve data.

Examples include:

  • USB flash/thumb drives
  • External hard drives

A portable storage device such as a memory stick can be a useful item to have however, there are a number of security issues surrounding them:

  • They can carry viruses bypassing the many security measures put in place that would normally stop viruses spreading
  • Confidential data stored on devices could be divulged if the storage device becomes lost or stolen
  • Data could be corrupted if the storage device is not properly removed from the computer

We advise to use cloud storage solutions where possible such as OneDrive for Business however we understand that sometimes there’s no choice but to use portable storage media such as a USB flash drive or an external USB hard drive.

If you have a requirement to use portable storage media please ensure that it is protected using BitLocker. BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers.

How do I encrypt a USB drive using BitLocker?

Learn more about BitLocker

Back to top