You are here: Programme news

Coming Soon...changes to the Password Policy and the Login Screen

ESR Password Policy image

Users will notice a number of key changes following the implementation of ESR Release 49 (planned for 26th March) to some of the most used areas, including the login page, password expiry and password criteria.  Details of the changes are set out here and will apply to all new user accounts with the password criteria also being applicable to existing users when passwords are updated.

Password Criteria

As mentioned, for existing user accounts the password criteria detailed below will need to be used once the password is either reset or is required to be changed.  For any user accounts created following ESR Release 49 then the below rules will need to be followed.

New Criteria

Previous Criteria

Must be minimum of 12 characters

8 characters

Remove enforced use of at least one letter and one number

Password must contain at least one letter and one number

Special characters permitted e.g. %@!()

Some special characters are not permitted

May not be the same as previous four passwords

Must differ from previous passwords

All other criteria for passwords remains the same with passwords not allowed to contain reference to certain common, or easy to guess information such as username and location for example.

Password Expiry Periods

For user accounts created following ESR Release 49 the 90 day timeout will no longer be set as the default.  Instead there will be no timeout period defined i.e. the password will never expire.

The Auto User Account Creation process, which creates new user account for qualifying new employees, applicants and external users has also been updated to use all of the new rules outlined above.

Local Communication for Users Password Policy poster

To help ESR Leads we have developed a pdf poster that can be used internally to help NHS employees understand the changes to the Password Policy.  You can download it here.


No comments have been left for this article

Have your say...

Your name will be published alongside your comment but we will not publish your email address.

All comments will be reviewed by a moderator before being published.

Please ensure you complete all fields marked as mandatory.