We are frequently making security improvements to the NHSmail service and this month we are introducing a new password policy in line with National Cyber Security Centre (NCSC) guidelines.
What action do I need to take?
To help keep the NHSmail service safe, within 45 days of the new policy coming into effect you will be asked to change your NHSmail password regardless of when it was last changed.
Within this 45-day period, you will receive reminders to change your password via email 18, 10, 5, 2 and 1 day(s) before it is due to expire.
Note: If you don’t change your password in response to these reminders, your password will expire and you will be required to change it at next login via www.nhs.net.
Your new password will be valid for 365 days instead of the current 90-day expiry and must meet the following criteria:
- Minimum length – 10 characters without requiring a mix of character types
- Not matching previous 4 passwords
- Not detected as a common password, for example Password123, Winter2018
- Not detected as a breached password (a password used for an account that has previously been compromised). Breached passwords will be sourced from an internet-based breach database.
Important note: We know that common passwords are currently used on the NHSmail service by a number of users. In the future, users who do not meet the above criteria will receive a failure message when changing their password.
Top tip: A good way to create a strong and memorable password is to use three random words, for example, ‘redhousemonkeys’. Be creative and use words that are memorable to you, so that people can’t guess your password. Further ‘top tips’ are available on the National Cyber Security Centre’s website
To ensure the best experience of your NHSmail account, and to keep your account active, here are some reminders to help you:
- Add your mobile number and security questions to your profile – this will allow you to reset your own password and unlock your account.
- Change your password on all devices – to prevent your account from becoming locked, you will need to update your password on all the devices (including personal devices) that you use to access NHSmail, for example mobile phone, Outlook desktop, tablet etc.
If you do require assistance, please find guidance below:
Thank you for helping to keep the NHSmail service safe.
Have you seen our new support site?
We have listened to your feedback and have launched a new support site for NHSmail which now includes a comprehensive search function.
The new site is available at https://support.nhs.net – any existing links that you use will automatically direct you to the new site.
Last Reviewed Date | 23/05/2019 |