Home LIS IT security

IT security

Your UHI username and password

Access to UHI services is controlled through the use of a username and password.  When you join UHI you will be given a unique student ID. This is usually a six or eight digit number (e.g., 123456, 12345678). This student ID is also your UHI username.  It may also be referred to as your UHI user ID or UHI ID.  You should be advised of your default password during enrolment or induction. You should change your password from the default as soon as possible. This can be done using a college PC. Press control+alt+delete  and you will see an option to change password.

Our systems use the combined UHI username and password to verify who you are and what you are entitled to access.  Any activities carried out in our systems will be attributable to the UHI username that has logged into the system, so it is extremely important that you do not allow anyone to have access to your account details as you will be responsible for any activities undertaken with your UHI username.  It is therefore your responsibility to ensure that your password remains secure and is only known by you.

The following steps can be undertaken to  ensure your password details remain secure;

  • Change your password from the default password you are provided,
  • Don’t tell anyone your password,
  • Don’t write your password down,
  • Don’t include your password in an email (even to your local IT support or the UHI Servicedesk)
  • If you think someone knows your password, then change it,
  • Change your password regularly,
  • Don't use the same password for different external services,
  • Ensure you create a strong password.

Only you know your password, even the members of local ICT support and UHI Servicedesk can’t see what it is.

A strong password is one that is hard to guess, there are a number of ways to ensure the password you create will help your account details stay secure;

  • Length,  we would advise not setting passwords that are less than 6 characters,
  • Words,  try not to use proper words, automated hacking programmes will also try common misspellings, words spelt backwords and words with obvious digit substitutions, e.g., using a 5 instead of an S. Random combinations are the most secure.
  • Variation, the most secure passwords have a combination of letters and numbers, lower and upper case,
  • Don’t reuse a password, reusing also covers changing a number at the end to make it unique,

However watch you don’t make your password so hard to guess that you can’t remember it!  A method of creating a hard to guess but easy to remember password is to use the first letters of a favourite quote,  name,  film or song.  For example “To the uneducated, an A is just three sticks. “ (A. A. Milne) would become TtuaAij3s. (but please don’t use this one, as its written down!)

Even a strong password can eventually be guessed if it has  been used for a long period of time. It can be hard to choose and remember a strong password, this YouTube video might help!

It can be difficult to keep track of passwords, we'd recommend that staff and students think about using an external password management service, such as KeePass, LastPass or 1Password. These services are external to UHI, there may be a charge for using or installing the service.

Please contact the UHI Servicedesk if you forget your password and it can then be reset, see Getting Help section for details. You will be asked some security questions to confirm your identity.

Occasionally you may receive emails which ask you for your account and password details. You should be cautious of any unexpected email you receive that asks for this type of detail, as these are often phishing emails. These emails are an attempt to get your UHI username and password details so that your personal information can be stolen.

Often these emails look genuine and will have text along the lines of your email account will be suspended unless you reply with details of your account and password.

Before replying to any message such as this, please check the sender email address, if its not from an @uhi.ac.uk account your should be wary.  Also please bear in mind that the UHI Servicedesk will never ask you for your password details in an email.  Any planned work to our systems will be sent out over email but we will also post details on this website (www.uhi.ac.uk/lis under Service Announcements).  If you are at all unsure about information you are being asked to provide please call the Servicedesk to confirm. If you think you have accidentally supplied your information please contact the UHI Servicedesk to have your password reset.

If you are sent emails with website links in them , check that the link appears goes to a UHI based site. These generally have uhi.ac.uk in the link name, e.g, https://webmail.uhi.ac.uk .

Most UHI websites that asks you for a login should be  secure sites, you can tell this by the s in https in the address bar, and there will usually be a padlock shown on your web browser software.  Incorrect spelling, odd looking graphics  or strange website names can sometimes be a give-away  on fake sites, but many look very professional.


General  Identity Security

Incidents of Social Engineering  and Identity Theft are generally on the rise.  Posting certain types of information about yourself publically online can assist fraudsters.

You should guard against making the following pieces of information  available generally online;

  • Your full name
  • Your full address (and post code)
  • National insurance number
  • Date of birth
  • Telephone number
  • Mothers maiden name
  • Birthplace
  • Current place of study/work
  • Recent addresses

Having up to date security software on your PC or laptop will also help keep your information secure.  The equipment provided for you at  your college site will have Anti-Virus software, Spy/Adware and local firewall software  installed, but you need to  ensure  that your local equipment has these installed and that they are kept up to date as new viruses are released all the time.  Some of the new security  software will even alert you to sites that may be fake. UHI have a campus agreement for the Sophos anti-virus software. We will shortly be releasing a version of this that will be available for UHI students.

When you use shared computer equipment, such as the college PCs or internet café PCs, you should always ensure that you log out at the end of your session.  If you pop away from the computer then lock the session by pressing ctrl+alt+del, then your password will be required to access your session. Many internet browsers have the capacity to store local password information. When using shared resources you should always answer No to any prompt asking if you wish to save your password details.

If you have a Wi-Fi  connection at home make sure that this is secured.  Your Wi-Fi manual should provide you with instructions on a couple of easy changes which should make your setup more secure; such as how to change the administrative password for the device and enable WPA/WEP encryption.

Security Week Tips

The 5th to the 9th of October is our online awareness week. We'll be posting security tips and reminders through our twitter feed and some sites will be running student events to help promote cyber security awareness. Here are some of our top tips:

1.    Be aware that you are an attractive target to hackers. Don’t ever say “It won’t happen to me.”
2.    Practice good password management. Use a strong mix of characters, and don’t use the same password for multiple sites. Don’t share your password with others, don’t write it down, and definitely don’t write it on a post-it note attached to your monitor.
3.    Never leave your devices unattended. If you need to leave your computer, phone, or tablet for any length of time—no matter how short—lock it up so no one can use it while you’re gone. If you keep sensitive information on a flash drive or external hard drive, make sure to lock it up as well.
4.    Always be careful when clicking on attachments or links in email. If it’s unexpected or suspicious for any reason, don’t click on it. Double check the URL of the website the link takes you to: bad actors will often take advantage of spelling mistakes to direct you to a harmful domain. Think you can spot a phony website? Try this Phishing Quiz.
5.    Sensitive browsing, such as banking or shopping, should only be done on a device that belongs to you, on a network that you trust. Whether it’s a friend’s phone, a public computer, or a cafe’s free WiFi—your data could be copied or stolen.
6.    Back up your data regularly, and make sure your anti-virus software is always up to date..
7.    Be conscientious of what you plug in to your computer. Malware can be spread through infected flash drives, external hard drives, and even smartphones.
8.    Watch what you’re sharing on social networks. Criminals can befriend you and easily gain access to a shocking amount of information—where you study, where you work, when you’re on holiday—that could help them gain access to more valuable data.
9.    Offline, be wary of social engineering, where someone attempts to gain information from you through manipulation. If someone calls or emails you asking for sensitive information, it’s okay to say no. You can always call the company directly to verify credentials before giving out any information, but if they've called you on your landline, be sure to use a different phone to call back as a landline might be connected to the original caller for up to 10 mins after you hang up.
10.    Be sure to monitor your accounts for any suspicious activity. If you see something unfamiliar, it could be a sign that you’ve been compromised. If you think your university account has been compromised please speak to the .

Getting help

The UHI Servicedesk is your first point of contact for any queries. The service is open from 0900 – 1700 Monday to Friday and can be contacted a number of ways;

Telephone on 01463 279150 or internal number 150

Email  at 150@uhi.ac.uk or servicedesk@uhi.ac.uk

Through the web www.uhi.ac.uk/servicedesk


Some useful sites are;








Acceptable Use Policy

Academic Partner staff and students should also refer to their local college Acceptable Use Policy (AUP).

Staff and Students should be aware that when working from a UHI connected site that you must also comply with the JANET Acceptable Use Policy.

UHI Acceptable use policy