Username and password security guide

1. About username security

A username is a way to instantly introduce yourself to a computer, program or service. Your password then backs up this information by confirming that you really are who you say you are. Your username may vary, depending on whether you are using broadband or dial-up to connect to the Internet.

E.g. A broadband username looks like: (or for Force9 customers or for Free-Online customers) and a dial-up username looks like: username

(Note: This may be different - check your username settings).

Username security is often wrongly overlooked when thinking about staying secure when you're online, with more importance given to passwords.

Your password must have a valid username linked to it, otherwise it won't allow access to your computer, application or service. Because of this you shouldn't let your computer automatically remember your username and password for you. Try and get into the habit of either entering your login details each time you connect, or at least just your password.

2. Ways you can find out your password and broadband username

Your password: If you've forgotten your password, use our Password Recovery Form.

Your broadband username:

Don't worry if you've forgotten your broadband username. You can either:

Check in the Member Centre

  1. Log into the Member Centre.
  2. Under the heading Manage Account in the left hand navigation bar click on Connection Details.
  3. Find the Login name row in the table (3rd row down) � this is your broadband connection username, e.g.

Please note: Your broadband username is different to your account username. It is not possible to change an account's username once the account has been created. In order to change your username you must cancel your account and create a new account with your preferred username.

Check your modem/router

Look in your modem/router's connection settings. When you set up your broadband connection these details will have been automatically stored, although for security reasons your password will be disguised (e.g. ********).

1. About password security

Nowadays there is a real and growing threat of data thieves, hackers and other criminals taking advantage of people who aren't security conscious.

The passwords you already use, (not just those for your Plusnet services), offer a good first line of defense against intruders on your computer, for very little time and effort. However, your computer is only really as secure as your username and password. So, everyone can take steps to improve their password security, just by following a few common sense tips.

Simply by doing some or all of the things we suggest in this guide you'll instantly increase your computer's protection, as well as protecting your own personal information.

Note: For added security Plusnet use several methods of encryption on all customer passwords. This uses complex algorithims to scramble and de-scramble your passwords, making these extremely hard to be read by data thieves or hackers.

2. Choosing a secure password

The best kinds of passwords are those which can't be easily guessed by intruders. The trick is to try to create a password which you find easy enough to emember, but random enough to make a difficult barrier to get past. Here's some help:

  1. Your password should be - between 8 and 16 characters in length and ideally include at least one number.
  2. Don't create an obvious password - but make it easy to pronounce (this way you'll remember it more easily). This will help reduce the threat of your password being found by 'dictionary' based tools which some attackers use.
  3. Characters which can be used
  4. Upper case and lower case letters (a-z and A-Z)
  5. Numbers (0-9)
  6. Special characters (!##%&()*+,-./:;<=>?@[]^{|}~. )
  7. Characters which can't be used
  8. Single quote - '
  9. Double quote - "
  10. Backslash - \
  11. Pound sign - £
  12. Space
  13. Passwords can begin and end with a letter, number or a special character
  14. Create a passphrase - why not take the first letter of each word from a line in your favourite song, or book and put them together to make a word?.
  15. Most importantly - always use different passwords for different programs and services. This reduces the threat of anyone using the same password to log into all of your services/accounts.
If you change your password you may need to update your hardware settings.
Check the instructions that came with your hardware for how to do this.
Plusnet routers received after 15th July 2009 will update the password automatically, for all other Plusnet hardware see our Hardware Setup Guides.

3. Password security dos and don'ts

tick Use a password if you share a computer with other users. If you don't you are risking other people having access to your personal information, deleting files or even using your account to pretend to be you online.
do Have different passwords for different things - don't use the same password for every application or service.
don't Write your password down - if you can try and memorise it. If you can't remember your password and do have to write it down, try and disguise it, leaving it in a secure place.
do Don't choose an obvious password - e.g. your name, or a family member's or pet's name, your date of birth, telephone number, the current month or 'password'. It's very easy for someone to guess all of these.
don't Keep the same passwords - change them every once in a while and don't re-use a password for at least a year.
• Change passwords at work - every 2 months
• Change passwords at home - every 6 months

1. Where to change your passwords

Service When is the password set? How do I change the password?
• Broadband access
• Dialup access
• First Plusnet email address
• Website login
• Homepages login
• Homepages Webstats
During signup. You enter a password of your choice Change your account password using the Change Password tool.
Additional mailboxes When mailboxes are setup At the Member Centre in the Email Settings section under Manage My Mail
CCGI Uses your current password when CCGI is activated Contact us to request a CCGI password reset.
MySQL A random password is generated Contact us to request a MySQL password reset.
We will generate you a new password which will be emailed to you.
Webstats (CCGI) Uses current password when component is activated Contact us to request a password reset. We will reset your webstats password to match your main account password.

1. Configuring password policies in Windows

Changing your computer's password settings means that a particular password can't just be re-used over and over again.

Important: We suggest you only configure your Windows password policies if you are an experienced user, confident with changing system settings. If you are unsure, don't make any changes.

In Windows XP:

  1. Click Start.
  2. Click Control Panel.
  3. Click Performance and Maintenance.
  4. Click Administrative Tools.
  5. Click Local Security Policy.
  6. Click the plus-sign (+) in the left pane to open Account Policies.
  7. Click Password Policy.

2. Enforce password history

This lets you set the number of days that Windows will remember passwords before they expire.

  1. Double-click Enforce password history.
  2. On the screen that appears choose any number between 0 to 24 from the drop-down. This is the amount of passwords that Windows will remember. Setting this at 0 means that no passwords are saved.
  3. Double-click on Maximum password age.
  4. On the screen that appears choose any number between 0 to 42 days from the drop-down list. Setting this at 0 means that passwords will never expire. (We suggest that you set this to 30 days or less - so that passwords are changed on a monthly basis).

3. Minimum password age

This lets you set the number of days which must pass before a password can be changed again.

  1. Double-click Minimum password age.
  2. On the screen that appears choose any number between 0 to 998 days from the drop-down list. (We suggest that you set this to at least 3 days if you've set the Maximum Password Age (above). The Minimum Password Age can't be higher than the Maximum Password Age. If the Maximum Password Age is set to 0 the Minimum Password Age can be set from anything from 0 to 998 days.

4. Minimum password length

This lets you set the minimum number of characters that a password can contain.

  1. Double-click Minimum password length.
  2. On the screen that appears choose any number from 0 to 14 in the drop-down list.

5. Password must meet complexity requirements

This lets you set the password length and type of characters that a password can be made up of.

  1. Double-click on Password must meet complexity requirements.
  2. On the screen that appears choose Enable.
  3. You will then be given a number of password rules:
  • Password must not contain significant portions of the user's account name or full name.
  • Password must be at least 5 characters in length. (We suggest setting this to at least 8 characters to make passwords secure).

6. Store password using reverse encryption

This lets you keep a check on all the passwords used on a computer.

  1. Double-click on Store password using reverse encryption for all users in the domain policy.
  2. On the screen that appears choose Enabled.

Important: Password storing makes your password security less secure. Enabling this is basically like writing every password used on a computer in a text file, meaning these can be checked very easily. You should ONLY turn this on unless you really need to log all the passwords used on a computer.

Search Help articles