NHS Mail – changes to password policy
You should all have received an email from NHS Mail regarding an update to their policy. The main changes concern the complexity of the password (what it needs to contain) and how long it is valid for.
In summary:
New passwords will be valid for 365 days instead of the current 90 day expiry and must meet the following criteria:
- Minimum length – 10 characters without requiring a mix of character types
- Not matching previous 4 passwords
- Not detected as a common password, for example Password123, Winter2018
- Not detected as a breached password (a password used for an account that has previously been compromised). Breached passwords will be sourced from an internet-based breach database.
If you have any questions, please contact Alan Hicks.
This is a much more common sense approach, simpler and less time consuming, well done and thank you Alan!