RMIT University

Password procedure

Intent and objectives

To define the rules concerning the use and security of passwords that must be observed while conducting RMIT business, teaching, learning and research activities. This policy provides a foundation for additional practices and standards that will more specifically communicate RMIT requirements related to RMIT passwords.

To ensure that authorised users of RMIT computer systems are aware of their responsibility to protect their passwords to these systems.

To ensure that RMIT staff and contractors who develop, acquire and administer RMIT computer systems are aware of the technical password controls that these systems must comply with.


All computer systems and network devices that support an RMIT provided service and which use the combination of a username and a password for authentication, and all their users.


1. Staff, students and any other authorised user must take reasonable steps to protect the secrecy of their password. For example:

2. System Administrators with responsibility for establishing and/or maintaining password controls must ensure that the controls comply with the RMIT Password Standard. Default vendor and manufacturer passwords must be changed during product installation.

3. Project Managers with responsibility for developing or acquiring a new application must ensure that the password controls comply with the RMIT Password Standard.

4. Administrator passwords must be stored in a secure location to ensure that they are readily accessible when needed. The owner of the application or system is responsible for ensuring that appropriate arrangements are in place for the secure safekeeping of the administrator password.

5. System Administrators and Project Managers may believe that there are valid business and/or technical reasons for the system or application not complying with the RMIT Password Standard. If this is the case, they may seek a dispensation by following the formal dispensation process established by ITS. Please refer to the RMIT Password Guidelines (rescinded 11 June 2015).

6. Students and staff should refer to the RMIT Password guidelines (rescinded 11 June 2015) for tips on choosing a new password that is hard to guess but easy to remember.

Password procedure

Related policy

Related documents

Password procedure

Password - protected string of characters that identifies or authenticates a user for access to a computer system

Password procedure

Policy group


Vice-President Resources

Document ref


Operational responsibility

Executive Director Information Technology Services

Date approved

20 December 2007

Last reviewed

Approval authority


Next review

January 2010