We have had a lot of queries recently about password change reminders and whether or not they are a phishing attack. We have previously published an example password change notice highlighting its characteristics and how it differs from an attack.
Some students have been asking why there has been a change in policy. The policy itself has not changed, but it is now being enforced. It has been a long established University policy that everyone must change their password at least every 180 days. This has been enforced for staff accounts for a few years. Earlier this year, enforced password changes were implemented for student accounts.
There have also been questions about why we force password changes. An article discussing the reasons for the policy is available here.
There is also an article about how to spot phishing and other scams and how they tend to differ from genuine notifications.