Identity Management and IT Security  Password Policy

Rules for setting passwords and information about password security

Simple, short passwords are easy to remember, but they aren't safe. When using the services of the University Computing Centre, please follow the rules described below.

Password security

For sufficient password security, please note the following points:

  • Use at least twelve characters with numbers, letters and/or special characters.
  • Don't use trivial password such as names, birthdays or words that can be found in the dictionary.
  • Use different passwords for different categories/services (university, internet shopping, social media, etc.)
  • Handle your password the same way you handle your PIN number for banking. Don't share your password, even when you  re requested to share it. University IT personnel will never ask you to disclose your password.
  • Never write your password down somewhere it could be visible, change it regularly and if you save it, only do so in a protected file/folder on your computer.

Rules for passwords

Password length

  • Minimum 12 and maximum 45 characters

Character selection

  • The first character must be a letter.
  • No umlauts (ä,Ä,ö,Ö,ü,Ü,ß)

Additionally, the password must have at least three of the following categories and use the specified permitted characters:

  • Uppercase letters: A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z
  • Lowercase letters: a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z
  • Numbers: 0,1,2,3,4,5,6,7,8,9
  • Special characters: -,!,?,$,&,*,+,#,%

Example phrase for a password

“every Sunday, my father explains the night sky to me and the cafeteria is always closed!”

The first letter of the words create the password: "eSmfetnstmatciac!18".