IDG News

Password Changes Coming Soon

On Tuesday 20 September 2022 we implemented stronger password rules to access CRNCC systems that use the IDG login. This included a mandatory password change required to improve security. This mandatory change only applies to people who access IDG through a non-NIHR account. NIHR accounts have already had this change applied.

The forced change applied to all users logging in after 20 September 2022 and therefore access to all ongoing or new studies and services will be impacted.

What is changing?

Stronger password rules are being implemented to all systems accessed via the NIHR Identity Gateway (IDG).

These systems include: NIHR CPMS, CRN Finance Tool, Open Data Platform (ODP), and NIHR Learn; and some HRA systems including the new are of IRAS, E-Submission of Amendments, Online REC Booking.

From 20 September, you will be required to update your login password to a minimum length of 12 characters.

What do I need to do?

Now the password rule is applied, you will need to manage the change via the email inbox linked to the account you are using.

Whilst, this will be a one -off change, we will soon be implementing further authentication updates, which will require ongoing access to the email inbox associated with your IDG login.

Therefore, if you are using a generic/shared account to login and manage your studies, you must ensure that all team members have access to the email inbox associated with the IDG account.

Please note that whilst we acknowledge the business continuity benefit of using shared/generic accounts, this practice reduces the protection of the account. It is recommended that you arrange for all users to have separate accounts and for study access to be granted to all relevant staff. Details of how to create a new IDG account can be found on the IDG Portal. Guidance on adding users to CPMS studies and IRAS projects can be found in the relevant system guidance.

Why are we doing this ?

While being able to access our IT systems online makes them easier for you to use, it also increases the risk of cyber-attack or hacking. As part of on-going improvements to keep NIHR/HRA data safe, we are increasing the level of protection around accounts that use our IT systems. We are doing this in line with the guidance provided by the National Cyber Security Centre through their Cyber Essentials standard, and in line with the requirement of DHSC that we follow this guidance.

Advice on Passwords

The National Cyber Security Centre advise the use of Three Random Words to make your password easier to remember and hard for a hacker to crack. The new rule will be that your password must have a minimum length of 12 characters. Length is a better way of protecting passwords than complex rules, and the requirement for lots of different character types will disappear. However you can still use them if you want. For more detail on choosing (and remembering) a good password see the NCSC password setting guidance

Need to know more ?

If you need to know more about this change, then you can contact the CRN Service Desk at or on 0207 333 5894