NHS Mail – changes to password policy

You should all have received an email from NHS Mail regarding an update to their policy.  The main changes concern the complexity of the password (what it needs to contain) and how long it is valid for.

In summary:

New passwords will be valid for 365 days instead of the current 90 day expiry and must meet the following criteria:

  • Minimum length – 10 characters without requiring a mix of character types
  • Not matching previous 4 passwords
  • Not detected as a common password, for example Password123, Winter2018
  • Not detected as a breached password (a password used for an account that has previously been compromised). Breached passwords will be sourced from an internet-based breach database.

If you have any questions, please contact Alan Hicks.

One response to “NHS Mail – changes to password policy”

  1. Kaye Childs says:

    This is a much more common sense approach, simpler and less time consuming, well done and thank you Alan!

Leave a reply:

Your email address will not be published but the name you enter will be.