Passwords can get stolen - especially if you use the same one across multiple sites.
The University's Acceptable Use Policy requires users to use two-factor authentication (2FA) to access records
2FA adds an extra layer of security which aims to prevent harmful behaviour, and protect the University and its people from cybercrime.
So if your password is compromised your Extended Self Service account will remain secure.