AEMAUTO-RMIT-Service-Access-Information-Template-v1

Learn how to make a strong password, protect your data and connect to your desktop remotely.

Reset your password

Before you start

In order for staff to use Self Service Password Reset (SSPR), you must first set up your phone details in Workday. Visit the My details page to learn more.

My details

RMIT password reset tool

Watch this video and learn how to use RMIT's self-service reset tool to change your password.

Step one

Go to Self Service Password Reset or select the "Reset your password"/"Forgot your password?" link at any CAS or MyApps login page.

Central Authentication Service login, select Reset your password

MyApps login page, select Forgot your password

Step two

Enter your staff ID and last name
Complete the "I'm not a robot" reCaptcha test
Press Submit.

Step three

Choose whether you would like the password reset code sent to your mobile or to your personal email address.
An access code will now be sent to you so that you can reset your password.

Step four

Retrieve the code and enter it into the field (the code is case sensitive).

Step five

You can now create a new password for your account.

Password controls statement

We have put several password controls rules in place to help you create secure passwords and protect our data.

Expand all sections

Minimum password characters: 8 characters

Maximum password characters: 25 characters

Password history: 15 passwords

Minimum password age: 0 days

Maximum password age: 180 days

Password complexity: Password must contain characters from three of the following four categories:

English uppercase characters (A-Z)
English lowercase characters (a-z)
Numeral digits (0-9)
Non-alphabetic characters (~! @#$%^*_-+=`|\(){}[]:;"'<>,./ (with the exception of & and/or ? which are not supported by some systems)

Intruder lockout:

Account is automatically disabled after 15 consecutive failed login attempts.
Consecutive failed logins must occur within 30 minutes for intruder detection to activate
Login is disabled for 30 minutes. After the specified time elapses, the system re-enables login for the user account.

Change of initial password at first login before granted entry: Applicable

Minimum password characters: 10 characters

Maximum password characters: 25 characters

Password history: 15 passwords

Minimum password age: 0 days

Maximum password age: 90 days

Password complexity: Password must contain characters from three of the following four categories:

English uppercase characters (A-Z)
English lowercase characters (a-z)
Numeral digits (0-9)
Non-alphabetic characters (~! @#$%^*_-+=`|\(){}[]:;"'<>,./ (with the exception of & and/or ? which are not supported by some systems)

Intruder lockout:

Account is automatically disabled after 10 consecutive failed login attempts.
Consecutive failed logins must occur within 60 minutes for intruder detection to activate.
Login is disabled for 60 minutes. After the specified time elapses, the system re-enables

Change of initial password at first login before granted entry: Applicable

Minimum password characters: 20 characters

Maximum password characters: 25 characters

Password history: 15 passwords

Minimum password age: 0 days

Maximum password age: 365 days

Password complexity:

Password must contain at least one lower case letter (a,b,c,…z)
Password must contain at least one numeral (0,1,2,…9)
Password must contain at least one special character

Intruder lockout:

Account is automatically disabled after 10 consecutive failed login attempts.
Consecutive failed logins must occur within 240 minutes for intruder detection to activate.
Login is disabled for 240 minutes. After the specified time elapses, the system re-enables.

Change of initial password at first login before granted entry: Not applicable

Security

Information Security – Data Loss Prevention (DLP)

Each day, enormous amounts of data and information are created, stored and distributed across RMIT. Keeping this information and our staff, students and stakeholders safe is a top priority. To ensure our data is protected, new sensitivity labels can now be applied in Office 365 to all emails and documents that you create and/or share at RMIT. The sensitivity label you select will depend on the type of information you are planning to share and how the recipient may use it.

Suspicious email (possible phishing)

If you receive any email of which you are suspicious, please do not follow any links contained in the email - instead, report the email via the Phish Alert Report icon on your Office Toolbar.

Please ensure you are forwarding the original email to the above address, and not composing a new one.

NOTE: when you use the Phish Alert Report icon, you should receive an automatic reply.

Automatic reply text:

Thank you for taking the time to report your suspected Phishing email. Your action in reporting this email is extremely valuable and helps us to respond quickly to real Phishing attacks against RMIT. For training purposes, RMIT will regularly send simulated Phishing emails to RMIT staff. We encourage you to continue to report all suspected incidents of Phishing.

Next steps:

If your email is identified as genuine Phishing, we will take the necessary steps to minimise any real or potential cyber security breach. We will block the sender and communicate to impacted staff if necessary.

Phishing is an ongoing threat to the online safety of RMIT data.

If in doubt:

Please do not open or click on links or attachments if the email is not from a trusted source or purports to be from someone you know but seems out of character. Take a moment to validate the email address or call the sender.
Don’t disclose sensitive or personal details over email
Don't click on email attachments with unusual file extensions or names unless you are expecting the email.

Thank you for your efforts in helping to protect RMIT’s data and information.

For urgent Cyber security assistance, please contact: +61 3 9925 8888

AEMAUTO-RMIT-Service-Access-Information-Template-v1