NHSmail: changes to password policy

NHSmail: changes to password policy

May 28, 2019

NHS Digital are introducing an improved NHSmail password policy this month, which will include less frequent password changes.

NHSmail users’ passwords will become valid for 365 days instead of the current 90-day expiry. This change follows PSNC, on behalf of the Community Pharmacy IT Group (CP ITG), lobbying NHS Digital about its approach to frequent forced password changes for national systems including NHSmail. PSNC asked NHS Digital to consider applying the National Cyber Security Centre’s (NCSC) guidance that states:

Regular password changing harms rather than improves security, so avoid placing this burden on users”.

NHSmail users will be notified they must change their password within 45 days of the new policy’s introduction. The new policy also adopts some of the NCSC’s other password guidelines; new NHSmail passwords must follow criteria including:

  • a minimum length of 10 characters without requiring a mix of character types;
  • not matching your previous four passwords;
  • not detected as a common password, e.g. password1234; and
  • not detected as a breached password (a password used for an account that has previously been compromised).

Top tip: NCSC recommend that a strong and memorable password is created by choosing three random words, e.g. ‘planeyellowbread’.

Commenting on the change in password policy, Alastair Buxton, Director of NHS Services at PSNC said:

“We have lobbied NHS Digital over the last two years to update their approach to passwords, in order to conform to UK Government guidance, so we are delighted that they are making this change to NHSmail. We hope they will likewise make this change as soon as possible to all other national NHS IT systems, such as EPS.”

PSNC, working with the CP ITG, maintains a list of commonly requested NHSmail features. If you have a suggestion then please email PSNC’s Community Pharmacy IT Lead.

Read more at: PSNC’s NHSmail webpage and at the NHSmail webpage about the change to password policy.

Posted in:

More Latest News >

CPCS Toolkit published

The NHS Community Pharmacist Consultation Service (CPCS) will commence on 29th October 2019 and the Toolkit to support pharmacy teams to provide...