New Password Expiry Notice

Published: Posted on

IT security policy requires password changes every 180 days. In order to achieve this, passwords are set to expire approximately every 180 days. Warnings and reminders are sent in the period running up to password expiry times.

The password expiry noticed issued by IT Services has changed recently.

The new notice looks like this.

Your University password will expire in 24 days - Action is Required. This email has been sent by IT Services at The University of Birmingham. Do not ignore this email. Your password will expire in 24 days. In accordance with University policy, you are required to change your password every 180 days (roughly six months). If you do not change your password within this timeframe you will lose access to your University account. For information on how to change your password and how to register for the My Password service please visit the ‘My Password’ intranet page: Don’t forget that once you have changed your password, you are required to update any devices (mobile phones, tablets or laptops) that may still have your old password saved in the WiFi or email settings. IT Service Desk 0121 414 7171 Do not respond to any unsolicited emails which ask you to send your username and password.

If you would like to know more about why we there is a policy to change passwords please see this article.

The following shows the features that you can see to help you to differentiate a genuine noticefrom a phishing email.

The message comes from Password Manager, This is a local address and the one used by password manager. The email is addressed to you. This is no guarantee that an email is genuine, but you would expect this to be the case for a genuine notification. The subject is accurate and consistent with the content of the message. It is five months (or longer) since you changed your password. A specific and reasonable timescale is given and reminders will be sent counting down in a consistent manner. There is no attempt to rush or panic you to into acting without thinking. The email is simply asking you to change your password using standard methods and not linking directly to a web form with a login. Phishing emails will almost all link directly to a form asking for login details. The only link is to a website in the domain, one of the two University domains; the other one is It does not require a username and password to view the page. Genuine contact details are provided.

Author: Chris Bayliss

IT Security Manager.

1 thought on “New Password Expiry Notice”

Leave a Reply

Your email address will not be published. Required fields are marked *