The first time you log into your NHSmail account at www.nhs.net, as a new user you will need to complete three tasks before you are able to start using your account to send and receive emails; Accepting the Acceptable Use Policy (AUP), updating your profile and setting your security questions and answers.
Firstly, every user of the NHSmail service is required to sign up to the AUP. This policy defines your responsibility to make sure you use the NHSmail service properly and without doing anything to compromise the security of the information that you send or receive. It is a promise to all NHSmail users, the public and patients that you are continually mindful of the information that you are sharing over NHSmail.
Acceptable use policy only appears when you follow welcome email or log into the NHSmail portal for first time via the Login button in the top-right of main NHSmail page.
To log in for NHSmail for the first time as a new user:
1. Log into your NHSmail account using your temporary password via the Login button in the top-right of front page.
Your local administrator will provide you with your temporary password following a method approved by local policy guidelines.
You will then be prompted to change your password
2. Enter your old password and new password twice in the appropriate text boxes and click Submit
Do not use the ‘£’ character in passwords as it is not supported in certain application layer protocols.
Note: Refer to the Additional Information box below for information on password requirements
Once the password has been accepted, you will be prompted to log in with this new password
3. Enter your new password and click Sign in
4. Read the Acceptable Use Policy and agree to the terms by clicking Accept at the bottom of the page
You will then be prompted to update your profile details and set your security questions and answers
Once you have accepted the AUP, please wait up to 2 hours for account synchronisation activities to complete – you will be unable to send emails from your NHSmail account during this period. Please do not contact the helpdesk unless you continue to experience issues after the 2 hour window has elapsed. Please visit the O365:Platform sync timings support page for further information.
For your password to be valid it must meet the following criteria:
- Minimum length – 10 characters without requiring a mix of character types
- Should not contain the ‘£’ character
- Not matching previous 4 passwords
- Not detected as a common password, for example Password123, Winter2018
- Not detected as a breached password (a password used for an account that has previously been compromised). Breached passwords will be sourced from an internet-based breach database.
Your new password can be used for up to 365 days.
If you receive an error when attempting to change your password, check that it meets the requirements listed above and try again.
| Last Reviewed Date | 25/10/2021 |
