Passwords for UQ accounts should be strong, hard to guess and kept secret.

A strong password not only protects you and your identity, but also ensures the University's data and systems remain safe.

There are some practical steps you can take to enhance the security of your UQ account.

Create a strong password

When you choose a password for your UQ account, use at least 8 characters, including:

  • at least one letter (a–z, A–Z)
  • one non-letter character (numbers, approved special characters)
  • a mix of uppercase and lowercase letters.

Approved special characters are: # $ % ' ( ) * + , - / : ; < = > [ ] ^ _ ` { | } ~

Avoid using:

  • & ? ! “ @ \ or a space
  • anything too similar to your current password
  • anything close to a single dictionary word or common term or phrase
  • your name, phone number, date of birth or any identifying information
  • other personal information (car registration, maiden name, address)
  • a password you have used before
  • duplicate characters (aaabbbccc) or keyboard patterns
  • a password you use on another system.

Tips for keeping passwords safe

Never share your UQ account password with anyone else, even family members. You can be held responsible for any actions carried out by someone who has used your account.

When you log in, your password should be something you can either type by memory, or securely access through a password manager.

Here are some tips for keeping your password safe:

  • don't save passwords in your web browser
  • never include your password in an email message
  • lock your computer before leaving your desk to prevent other people from accessing your account
  • never write passwords down, especially near your computer
  • change your password regularly.

If you can't remember all your passwords, you may want to consider using a password manager, such as LastPass, 1Password or Keeper Security, to securely store your passwords.

Set up a security question

ITS Service Desk may need to verify your identity before discussing your UQ account with you. You can set a security question and answer online or submit an IT request to do the same.

Choose a memorable question and answer that other people can't guess.

Register your phone number

You can register your Australian mobile phone number and use it to retrieve a security code to reset your UQ account password if you forget it.

To register your number:

It's not possible to register international phone numbers.

When you enter your mobile number, only enter numbers (i.e. no + symbol) and don't use spaces or include a country code.

Single Sign-On (SSO)

Single Sign-On (SSO) allows you to access many UQ websites by signing in only once with your UQ login details.

You can stay logged in for 8 hours, but will need to log in again if:

  • the website doesn't use SSO
  • you close your web browser
  • the session times out
  • you log out.

Submit an IT request if you would like your UQ website to use SSO (staff only) or you need help using an SSO-authenticated site.

Report suspicious activity

Your UQ account may be compromised if you notice changes you didn't make, or details you don't recognise. For example:

  • your password has changed
  • new files have appeared in a drive
  • files have disappeared from a drive
  • your last login time is not what you expected.

Immediately submit an IT request and change your account and email passwords to regain control of your account.

Regularly change your password

It's best practice to change your UQ account password at least once every 12 months. For UQ staff, this is compulsory.

To change your password, go to the password change portal.

Two-factor authentication

Some staff are required to use two-factor authentication when they log in to certain UQ websites and systems. This provides an extra layer of security for access to these systems. 


We're here to help

Before contacting us, try browsing or searching for common questions.