Staying Cyber Safe

IT Security - Getting Help content

IT Security - Getting Help

After reading the advice here, the UHI Servicedesk is your first point of contact for any further queries.

The service is open from 0900 – 2000 Monday to Thursday, 0900-1700 Friday, Sat & Sun 1200-1600

Student user ID (username) content

Student user ID (username)

Student user ID (username)

Access to UHI student services is controlled with a username (ID) and password.

Once you have enrolled and you become a 'current' student at UHI, you will be given a unique student ID. This is usually a six or eight digit number (e.g. 123456 or 12345678). This student ID is also your UHI username - it may also be referred to as your UHI user ID.

You will be advised of your default password during enrolment.

Staff user ID (username) content

Staff user ID (username)

Staff user ID (username)

Access to UHI staff services is controlled with a username (ID) and password.

When you join UHI, you will be given a unique staff ID. This is usually a six character ID made up of two characters for your college, two numbers, then your first name and last name initial (e.g. AA01ZZ). This staff ID is also your UHI username.  It may also be referred to as your UHI user ID.

You will be advised of your default password during induction.

Changing your password & Self-Service password reset content

Changing your password & Self-Service password reset

Changing your password & Self-Service password reset

Please visit our dedicated password reset page for more information

New password requirements content

New password requirements

New password requirements

For complexity, you will need to use at least three of the following four character sets in your new password.

Your new password will also need to be a minimum of 8 characters.

Numeric - 0 1 2 3 4 5 6 7 8 9
Lower Case - abcdefghijklmnopqrstuvwxyz
Special Characters - ~@#!”$%^&*()_+=\[]/{};,.?’

Please note due to restrictions within our systems you cannot use the following characters in a password:




(pound sign)

Keeping your password secure content

Keeping your password secure

Keeping your password secure

Our systems use the combined UHI username and password to verify who you are and what you are entitled to access.

Any activities carried out in our systems will be attributable to the UHI username that has logged into the system, so it is extremely important that you do not allow anyone to have access to your account details as you will be responsible for any activities undertaken with your UHI username.  It is therefore your responsibility to ensure that your password remains secure and is only known by you.

The following steps can be undertaken to ensure your password details remain secure:

  • Change your password from the default password you are provided
  • Don’t tell anyone your password
  • Don’t write your password down
  • Don’t include your password in an email (even to your local IT support or the UHI Servicedesk)
  • If you think someone knows your password, change it
  • Change your password regularly
  • Don't use the same password for different external services
  • Ensure you create a strong password

Only you know your password, even the members of local ICT support and UHI Servicedesk can’t see what it is.

A strong password is one that is hard to guess, there are a number of ways to ensure the password you create will help your account details stay secure;

  • Length - we would advise not setting passwords that are less than 8 characters
  • Words - try not to use proper words, automated hacking programmes will also try common misspellings, words spelt backwords and words with obvious digit substitutions, e.g., using a 5 instead of an S. Random combinations are the most secure
  • Variation - the most secure passwords have a combination of letters and numbers, lower and upper case
  • Don’t reuse a password - reusing also covers changing a number at the end to make it unique.

However watch you don’t make your password so hard to guess that you can’t remember it!  A method of creating a hard to guess but easy to remember password is to use the first letters of a favourite quote, name, film or song.  For example "To the uneducated, an A is just three sticks." (A. A. Milne) would become TtuaAij3s (but please don’t use this one, as its written down!).

Even a strong password can eventually be guessed if it has been used for a long period of time. It can be hard to choose and remember a strong password, this YouTube video might help!

It can be difficult to keep track of passwords, we'd recommend that staff and students think about using an external password management service, such as KeePass, LastPass or 1Password. These services are external to UHI, there may be a charge for using or installing the service.

Please contact the Servicedesk if you forget your password and it can then be reset.

Occasionally you may receive emails which ask you for your account and password details. You should be cautious of any unexpected email you receive that asks for this type of detail, as these are often phishing emails. These emails are an attempt to get your UHI username and password details so that your personal information can be stolen.  Often these emails look genuine and will have text along the lines of your email account will be suspended unless you reply with details of your account and password.

Before replying to any message such as this, please check the sender email address, if its not from an account you should be wary.  Also please bear in mind that the UHI Servicedesk will never ask you for your password details.  If you are at all unsure about information you are being asked to provide please call the Servicedesk to confirm. If you think you have accidentally supplied your information please contact the UHI Servicedesk to have your password reset.

If you are sent emails with website links in them, check that the link appears goes to a UHI based site. These generally have in the link name, e.g,

Most UHI websites that asks you for a login should be secure sites, you can tell this by the s in https in the address bar, and there will usually be a padlock shown on your web browser software.  Incorrect spelling, odd looking graphics or strange website names can be a give-away on fake sites, but many look very professional.

Multi-Factor Authentication content

Multi-Factor Authentication

Multi-Factor Authentication

What is Multi-Factor Authentication?

It is an extra security step put in place to make sure that you have to validate your login via an app, text message or phone call.  This ensures that it is really you that is logging in before access is provided.

Please visit our dedicated page on Multi-Factor Authentication for more information

General identity security content

General identity security

General identity security

Incidents of Social Engineering and Identity Theft are generally on the rise.

Posting certain types of information about yourself publicly online can assist fraudsters. You should guard against making the following pieces of information available generally online;

  • Your full name
  • Your full address (and post code)
  • National insurance number
  • Date of birth
  • Telephone number
  • Mothers maiden name
  • Birthplace
  • Current place of study/work
  • Recent addresses

Having up to date security software on your PC or laptop will also help keep your information secure.  The equipment provided for you at your college site will have Anti-Virus software, Spy/Adware and local firewall software installed, but you need to ensure that your equipment has these installed and that they are kept up to date as new viruses are released all the time.  Some of the new security software will even alert you to sites that may be fake.

When you use shared computer equipment, such as the college PCs or internet café PCs, you should always ensure that you log out at the end of your session.  If you pop away from the computer then lock the session by pressing ctrl+alt+del, then your password will be required to access your session. Many internet browsers have the capacity to store local password information. When using shared resources you should always answer No to any prompt asking if you wish to save your password details.

If you have a Wi-Fi connection at home make sure that this is secured.  Your Wi-Fi manual should provide you with instructions on a couple of easy changes which should make your setup more secure; such as how to change the administrative password for the device and enable WPA/WEP encryption.

Phishing content



See our Phishing page for more information

Top security tips content

Top security tips

Top security tips

Here are some of our top tips.

  • Be aware that you are an attractive target to hackers. Don’t ever say “It won’t happen to me.”
  • Practice good password management. Use a strong mix of characters, and don’t use the same password for multiple sites. Don’t share your password with others, don’t write it down, and definitely don’t write it on a post-it note attached to your monitor.
  • Never leave your devices unattended. If you need to leave your computer, phone, or tablet for any length of time—no matter how short—lock it up so no one can use it while you’re gone. If you keep sensitive information on a flash drive or external hard drive, make sure to lock it up as well.
  • Always be careful when clicking on attachments or links in email. If it’s unexpected or suspicious for any reason, don’t click on it. Double check the URL of the website the link takes you to. Think you can spot a phony website? Try this Phishing Quiz.
  • Sensitive browsing, such as banking or shopping, should only be done on a device that belongs to you, on a network that you trust. Whether it’s a friend’s phone, a public computer, or a cafe’s free WiFi  your data could be copied or stolen.
  • Back up your data regularly, and make sure your anti-virus software is always up to date.
  • Be conscientious of what you plug in to your computer. Malware can be spread through infected flash drives, external hard drives, and even smartphones.
  • Watch what you’re sharing on social networks. Criminals can befriend you and easily gain access to a shocking amount of information such as where you study, where you work, when you’re on holiday which could help them gain access to more valuable data.
  • Offline, be wary of social engineering, where someone attempts to gain information from you through manipulation. If someone calls or emails you asking for sensitive information, it’s okay to say no. You can always call the company directly to verify credentials before giving out any information, but if they've called you on your landline, be sure to use a different phone to call back as a landline might be connected to the original caller for up to 10 mins after you hang up.
  • Be sure to monitor your accounts for any suspicious activity. If you see something unfamiliar, it could be a sign that you’ve been compromised. If you think your university account has been compromised please call or email UHI Servicedesk.

Acceptable Use Policy

Academic Partner staff and students should also refer to the summary of the Acceptable Use Policy. Staff and Students should be aware that when working from a UHI connected site that you must also comply with the JANET Acceptable Use Policy.