Choosing a secure password

IT Services will soon be deploying a new system for changing and resetting passwords which will be accompanied by updated guidelines for choosing secure passwords. This post outlines some of the thinking behind these new password guidelines and we welcome feedback.

Three steps to better passwords

  1. Size Matters – four random words is much better than 8 random characters
  2. Don’t use your Edge Hill password anywhere else
  3. Never share your password with anyone else or on a non-Edge Hill website

Let’s look at these recommendations in more detail.

Size Matters

When it comes to making passwords secure and hard to guess, the most important thing is that they are long. Historically, many websites and organisations have insisted on choosing a password containing a mixture of upper and lowercase letters, number and special characters but this just makes passwords that are hard to remember and hard to type.

It is much better to choose a longer password of four or more random words that someone wouldn’t be able to guess, even if they know you. This is better because there are more combinations of words to pick from in the English language (and you could choose a foreign or made up word!) than there are shorter passwords made up of letters, numbers and special characters.

This difference was summed up by the web comic xkcd several years ago:

There are many ways to pick some random words but one idea is to picture yourself sitting somewhere you know well – like your kitchen – and choose things you can visualise as you “look” from left to right… “toaster espresso saucepan stool”. Even if someone knew you’d based your password on things in your kitchen they’d still need to guess your combination of how you see things.

Don’t reuse passwords

After choosing really basic passwords like “password” or “letmein”, the most common cause of an account being broken into is reusing the same password in different places. This is because when a company is hacked and their list of passwords stolen, these will be used to break into other accounts either of the same person, or just trying them against any username.

For this reason you must never reuse your Edge Hill password for any other website or service. When you change your password you should also never reuse an old password, either directly or by changing it just a bit (don’t just add “1” to the end of the password!)

You can test your choice of password against lists of compromised passwords on the Have I Been Pwned website – this shows that “everton1!” has been seen over 30 times in breached websites.

Remembering a different (secure!) password for every website is very hard so you could make use of a password manager. This is a piece of software running on your computer and phone, or a web service, that will securely store all your passwords. You’ll only be able to access them after you’ve entered a master password.

Read more about password managers on the Which? website.

Never share your password

You are responsible for actions when logged in with your account so never share your password with anyone else.

It is against the University IT Acceptable Use Policy to share your password with anyone else. If you suspect someone else knows your password or you are issued with a temporary password by IT Services, you must change it straight away.

Staff in IT Services will never ask you for your current password so don’t tell anyone purporting to need it. If you need assistance, IT Services can either take remote control of your Edge Hill computer where you can enter passwords yourself or they will reset your password and issue a new temporary once they have finished.

You should only enter your username and password into websites you trust to belong to Edge Hill. Look in the address bar to ensure it’s a secure connection on an site. Be on the lookout for disguised phishing websites, for example:

Note the missing slash after which means it’s not our website. If you come across a phishing website or email do not enter your password and inform the IT Service Desk.

This is still very much work in progress so please leave any comments below.

[If this sounds familiar, it’s because this is basically what I’ve recommended for the last 7 years]

GOing… GOing…

GO will be going this Summer, to be replaced by a new home for students and staff to access University systems and services and find information to support their studies or work. This series of blog posts will explain some of the changes that are coming…

Last time we looked at the history of GO as Edge Hill’s staff and student portal. While GO offered customisation, in the design of new student and staff homepages we are looking to offer a standard set of functionality to provide quick and easy access to the information and services that the majority of users need most frequently.

Our Google Analytics data shows that most users logging in go straight to key university systems and services like email, Learning Edge or access to files so these have the greatest visibility.

Some services are popular only at certain times of the year so it’s important to improve visibility of these links during those periods both to promote their use and to make them easier to find. Something like requesting a parking permit is going to have a flurry of activity this month, but quickly tail off and following the initial surge of requests, it’s okay for it to be discoverable through different routes.

Not everything can be a top level link and we need to provide access to the wide range of information and services used by staff and students less frequently.

We’re taking a few different approaches to this:


We’ve categorised and grouped all the links to information and services we provide from these new homepages into a handful of broad headings like Living and Money Matters. These purposely don’t map directly to departments as often users don’t know (or care?) who provides a service, they just want to find something out or get something done. Each category might have its own top/popular/timely featured services which serves the purpose of highlighting the kind of information inside and providing quick access to commonly used systems.


First up – “solving” website search is hard, like, really hard. I’ve been trying for the best part of ten years to make the best possible site search and it’s impossible to get it right for every search query from every user. There’s a reason Google have thousands of engineers working on the problem. We’re able to tap into some of that work and we currently use Google Site Search to power our website search engine. It works on a subset of their main search engine index meaning only public web pages can be included in the results making it useless for GO which was all behind a login but ideal for our new student and staff homepages where we link to public “gateway” pages rather than directly to the authenticated system. By using Plain English and adding metadata to pages we should be able to return relevant results (e.g. we need to return the page about Intercalation when a student has never heard that term types in take time off). It’s not going to be perfect and please let us know when you come across things you don’t expect!


Last time I talked about how the customisation features of GO have a very low adoption rate and introduce support challenges but with personalisation we’re taking a different approach. We’re looking at ways to supplement the default user experience with additional functionality tailored the users needs and usage patterns. For example if there is a particular service that a user accesses on a regular basis we might bump it up the list so it’s quicker to access. If a user is already logged in then we can provide students with links relevant to their course and staff links appropriate to their role and department. Unlike the customisation features in GO, this won’t require the user to do anything extra and it should supplement default content making support easier. We have a few technical challenges to overcome before we can push some of this functionality out, but it’s coming Real Soon Now.



GO will be going this Summer, to be replaced by a new home for students and staff to access University systems and services and find information to support their studies or work. This series of blog posts will explain some of the changes that are coming…

GO has been Edge Hill’s staff and student portal for a long time: the current version can trace its routes back 10 years. In that time it’s had over 100 million views and used for a total of 290 years.

The initial launch of GO was the first time we had a single point of access to a range of services for students such as the VLE, email and module re-enrolments, plus links to support and information.

The platform introduced single sign on for many services meaning you could log in once and be signed into a range of systems without having to reenter usernames and passwords. Before GO users would often have to remember different passwords for each system.

While GO has served us well, we perhaps haven’t given it as much TLC as we would have liked over the last couple of years and it hasn’t kept up to date with the latest technology and ways people access services online.

While the main Edge Hill website has a responsive design – it adapts to show well on mobile phones and tablets as well as desktop computers – GO’s main interface does not which means a non-optimal experience for the fifth of users accessing from a phone. The main site sees over a third of visitors from a mobile device so there is potential for growth if we improve the user experience.

When GO launched there was a trend towards providing users with the ability to customise their user experience. We followed the example of sites like iGoogle and Netvibes in pulling in widgets from both our own services and third party sites and presenting them in a single dashboard. These could be added and removed, and the whole page customised to suit the user.

There were two main problems with this approach. Firstly, it is difficult for staff supporting students to know where to find information as it’s not necessarily in the same place, or may have been removed entirely. Secondly the adoption rate of customisation features was very low, and while it was welcomed by a small proportion of users, it didn’t garner enough use to justify significant further development.

Ten years is a long time in IT and a number of the underlying systems that power GO are a little long in the tooth and approaching the end of their life, with better alternatives available.

Next time we’ll be looking at some of the thinking behind the development our new student and staff homepages.

Brand new Street View imagery

A few years ago we had a visit from the Google Street View trike and a year later the imagery was published. Quite a lot has changed on campus since then: the Hub, under construction in Autumn 2010 is now a hive of activity; BioSciences has had a growth spurt and (more than!) a lick of paint; and the entire Eastern Campus including Creative Edge, brand new halls and a lake (with a beach!) have sprung up from nowhere! So last summer we figured our Beautiful Campus could do with another visit from Google and booked them in for Freshers Week last September. The new imagery is now live on Google Maps so take a look around.

Here’s a few of my highlights but leave a comment if you find something interesting!

Eastern Campus Beach

Crossing the bridge

This time the man from Google came with a Street View Trekker instead of the trike so was able to get to even more places!

The new and the old


How many can you find?!

Down the stairs


Wouldn’t be Edge Hill without a few ducks!

Rain forest or rock garden?

Old imagery

The 2010 imagery hasn’t been completely replaced so there’s a few places where they visited originally that haven’t changed including this shot from behind the swimming pool.

Tech Events in the North West

A colleague just asked me about BarCamps in the North West and I got a bit carried away in the reply, covering a whole host of tech activity happening in Liverpool and beyond. Here’s an edited version of my email:

  • BarCamp Blackpool is typically early summer so it’ll probably be in June or July and the couple I’ve been to have been very good events. Manchester ran last November so I’m guessing they won’t be doing another until the Autumn; Liverpool have tended to run a touch less frequently.
  • Ignite Liverpool – Short Pecha Kucha style presentations showcasing things people are passionate about. There was one of these last Thursday but they are pretty regular in Liverpool and may be some in other cities.
  • GeekUp – much smaller events – usually just a single talk followed by drinks/chat. Liverpool events tend to happen at the DoES Liverpool co-working space
  • DoES Liverpool – all sorts of events happen at their rooms in the Gostins buildings. Maker Night takes place in their workshop and I think they even have a sewing club.
  • TEDxLiverpool – independently organised versions of the TED events and the Liverpool/Manchester/Newcastle ones are very good (organised by Herb Kim). 15 speakers for £10 for students is a bargain.
  • Social Media Café Liverpool – another good, friendly event with more of a focus on social media but many of the topics are broader than that. Next event seems to be 29 May.
  • SWIG – Liverpool WordPress group is on hiatus at the moment but I’m hoping it will make a reappearance at some point.
  • OggCamp – a bit like BarCamps but slightly more geeky, if that’s possible! A few of them have happened in Liverpool but I’m not sure if they move around.
  • PHPNW – first Tuesday of the month in Manchester – seems to be more detail on Twitter (@phpnw) than their website. They also run an annual conference which is very good.

Many of the events are listed at which is maintained by Neil Morrin.

Week(s) Notes: 4 April 2014

Okay, so I lied and we’ve been awful at keeping on top of the week notes but here goes with an overview of what we’ve been up to since last time.

  • Dozens of updates to our digital signage across campus.
  • One of the screens in the GeoSciences building now has Department of Geography specific content to welcome visitors through the door.
  • The Creative Edge video wall has featured a tribute to Stuart Hall plus hosted content
  • Set up an environment to internally host a web service from the Department of Computing, complete with git hooks for easy deployment.
  • Supporting promotion of the National Student Survey – if you’re a final year student it’s not too late to have your say!
  • A few maintenance updates to our PC Availability service and looking at some of the reporting work done last summer.
  • Discussions about the English & History website and how it will fit into our new WordPress theme.
  • Student (and some staff profiles) are now hosted in WordPress. While not actively linked to you can explore them all on the profile wall.
  • Profiles are also available via oEmbed allowing really easy reuse of content across sites. See how they look on the Law and Criminology student profiles page.
  • Undergraduate and Postgraduate subject pages are now in WordPress incorporating embedded videos (as a slider for Teacher Training and Health) and a profiles slider.
  • Completed the upgrade to FontAwesome 4.0.3 – a painful process when most references to the old icon- classes are trapped in serialized WordPress tables. Only made possible by the fantastic Search-Replace-DB by Interconnect/IT.
  • Added a widget area to our content page templates. These will allow the easy creation of sub homepages comprising rows of 1-4 widgets at the top of any given page.
  • The above designs are a prerequisite for moving large sites such as the Faculties of Education and Health & Social Care over to the new theme. This work has now begun in earnest!
  • Website updates and migrations for Admission, External Examiners, Inclusive Services and probably others I’ve forgotten.
  • Spring cleaning some of our older sites with a purge of old code that’s no longer used and tracking down the cause of various 500 errors that trigger alerts each time their URL is hit.
  • Learning Services moved to new theme (it’s a big, high traffic site so deserves a mention on its own).
  • The annual cloning and publishing of new course “presentations” has been completed with colleagues from Corporate Comms. 2015 is now live!
  • The homepage now features full width slides allowing us to better highlight Edge Hill’s stunning campus.
  • Improved the print stylesheet for our site.

Finally the raw stats:

  • JIRA – Created: 199; Resolved: 192
  • RMS – Created: 154; Cleared: 159

That’s all for this week term- we’ll try to be back next Friday with a regular amount of updates.

Week Notes: 7 February 2014

We’ve been slacking with the Week Notes during January but now we’re back! Here’s what we’ve been up to in the last week.

  • Following its launch before Christmas, the University Homepage is getting further updates to increase the impact of the feature stories and allow better discovery of content in the “cards”.
  • Over the last month we’ve been frantically upgrading departmental sites – a fairly straightforward job for those on our old “Child of Twenty Twelve” theme but requiring more work for sites moving from our older Twenty Ten based theme. Hold tight if we’ve not got around to your site yet!
  • Profiles are dangerously close to being served up from WordPress – demonstration to colleagues next week will finalise what more needs to be done.
  • The video wall in Creative Edge won an award for our supplier PureAV. We now have a number of video sources hooked up to the screen and will be working with colleagues across the university to push even great content out through it.
  • JIRA – Created: 18; Resolved: 23
  • RMS – Created: 27; Cleared: 36

I’ll leave you with the latest game from UsVsTh3mWhich 8-bit computer are you?

I grew up in a BBC Model B house and the quiz got close saying I was a BBC Master – I think it was my Dad “organising Scout jumble sales” which gave it away!

Bonus Week Notes: 23 December

It might be the last working day of the year for Web Services but we’ve pushed a few things live:

  • New mega menu navigation now contains a “social media” link.
  • Scroll indicator on the homepage to encourage discovery of all our great content.
  • The Study homepage is now powered by WordPress as is every page linked directly from it – we’ll be rolling out across Undergraduate and Postgraduate sites over the coming months ahead of a full review of our online prospectus.
  • We’ve made some minor improvements to the responsive site navigation. This is the main prerequisite for us switching other sites into the new theme which we’ll be doing early in the new year.

We’re now going to step away from the svn commit to avoid breaking anything else!

Have a great Christmas and a fantastic New Year!

Week Notes: 20 December 2013

This week we have mostly been launching this:

New Edge Hill University homepage
New Edge Hill University homepage

We’ll blog more about it after the Christmas break but a few interesting points below:

  • New server build to support the new WordPress powered homepage.
  • Varnish caching layer to make page serve times fly!
  • New Faculty of Arts and Sciences website.
  • Lots of support to departments updating their staff profiles.
  • Discussions about promotion of the National Student Survey.
  • Meeting with Learning Services to look at moving their site to new WordPress theme.
  • Meeting with Media about their website.
  • Meeting with Performing Arts about their website. (Can you see a pattern yet?!)
  • Probably some other things I’ve forgotten about following the IT Services meal out yesterday.
  • JIRA – Created: 29; Resolved: 32
  • RMS – Created: 15; Cleared: 18

This will be the last Friday week notes of 2013 – please let us know in the comments if you’ve found them useful.

I’ll leave you with a look at where we’ve come from:

Week Notes: 13 December

  • WordPress 3.8 is now running on both and the Corporate Website. There are lots of new features covered in the video below but if you’re an editor and want the old colour scheme back then get choose light from the edit profile page.
  • Updated the Web Services blog to the latest Twenty Fourteen theme – hope you like reading our posts!
  • Testing JS Hacks on Blackboard to more closely integrate with other staff- and student-facing services under the GO banner.
  • Sport website now in the new WordPress theme.
  • YouTube Live streaming of the December Graduation ceremonies went very well. There’s a short write up about it.
  • Updated the spam sales calls page for Corporate Communications. Four years ago I attempted a similar thing but it’s not always been successful – I get as many sales emails and calls as ever and I’m sorry to say I’m no better at telling companies when we’re not interested.
  • New homepage and theme developments ahead of a lunch before the end of term:
    • Reviewed and updated the contents of the mega menus.
    • Updated slide designs
    • Steve Johnson has done some great work on new Undergraduate, Postgraduate and Study homepages in the new design – these will launch alongside the new homepage.
    • Upgraded to the latest version of FontAwesome. This is incredibly painful when the use of many icons are stored in (serialized) database rows.
    • Lots of optimisation to attempt to improve the page load time.
  • JIRA – Created: 49; Resolved: 42
  • RMS – Created: 27; Closed: 31

That’s all for this week but check out a couple of festive microsites that other Universities have released:

Maybe we’ll join them next year when we’re not trying to launch a new homepage!