Dealing with passwords

What is the password for?

The password makes it possible to control access authorisation to a computer.
Used correctly, it largely prevents unauthorised use of computer systems.
Among other things, this protects data from unauthorised access by third parties.
In addition, it makes computer access more difficult for unauthorised persons, so the data of all users is less at risk.

What should be kept in mind when dealing with passwords?

The following rules become clear if you equate granting a user authorisation with handing over a key to the university locking system.

  • Passwords must not be passed on under any circumstances. This rule also applies to superiors and other persons who appear to be trustworthy. Even a system administrator does not need to know the password for their user access.
  • Passwords should never be written down. The risk of third parties finding out the password is too great.
  • If it becomes known that an unauthorised person has gained knowledge of a password, simply changing it is not sufficient. Instead, the responsible system administrator must also be informed immediately, as the intruder may have already created further access options that remain in place even after a password change.

In some cases, even greater care is required when handling passwords than when handling keys. The reasons for this include:

  • A key can only be duplicated with comparatively great effort, whereas with a password, even a quick glance is sufficient.
  • Personal presence is a prerequisite for using a key. Computer access can also be used via worldwide networks, so an unauthorised person is hardly at risk of being caught red-handed.

Characters to be used

Each password should contain characters from as many of the groups listed here as possible:

  • Capital letters A-Z
  • Lower case letters a-z
  • Numbers 0-9
  • Punctuation and special characters ,.-;:_+*?=()/&!"%

Some characters should not be used:

  • because they are not easily accessible on every keyboard: \~{}[]^'` or because they are country-specific special characters such as umlauts
  • or because they have control functions: #, @, $, <TAB>, <BACKSPACE>
  • and all characters that are entered using the <CTRL> or <STRG> key (this also includes the paragraph character, which can be found on German keyboards).

No passwords which can be guessed

A "tried and tested" method used by unauthorised persons to repeatedly gain access to systems is password guessing.

For this reason, the following passwords are unsuitable:

  • Passwords that consist of more or less publicly accessible information: car registration number, date of birth (including that of your girlfriend/boyfriend or wife/husband!), matriculation number, user name, telephone number, etc.
  • Passwords that belong to a language and can therefore appear in a dictionary. It doesn't take very long to "try out" all the words from freely available lists as passwords, and ill-intentioned contemporaries are prepared to go to immense lengths to do so.
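
The character rules and the guessability rules above can be checked mechanically when a password is set. The following is an added example, not part of the original page: the function name, the sample user data and the word list are constructed, and it goes slightly beyond the text by treating a dictionary word with digits or punctuation attached as still being a dictionary word.

```python
import string

# Character groups the page recommends mixing.
GROUPS = {
    "upper": set(string.ascii_uppercase),
    "lower": set(string.ascii_lowercase),
    "digit": set(string.digits),
    "special": set(',.-;:_+*?=()/&!"%'),
}
# Characters the page advises against: awkward on some keyboards, or control functions.
DISCOURAGED = set("\\~{}[]^'`") | set("#@$\t\b")


def _norm(text):
    """Lower-case and keep only letters and digits, so 12.04.1990 matches 12041990."""
    return "".join(c for c in text.lower() if c.isalnum())


def review_password(password, personal_info=(), wordlist=()):
    """Return (groups_used, discouraged_chars, guessable_reasons) for one candidate."""
    groups = sorted(n for n, chars in GROUPS.items() if chars & set(password))
    # Assumption: anything outside printable ASCII (umlauts, the paragraph
    # character, CTRL-generated characters) counts as discouraged.
    bad = sorted(c for c in set(password)
                 if c in DISCOURAGED or not (32 <= ord(c) <= 126))
    reasons = []
    flat = _norm(password)
    for item in personal_info:
        key = _norm(item)
        if len(key) >= 3 and key in flat:
            reasons.append("contains personal info: " + item)
    # Assumption: a dictionary word with digits or punctuation attached at
    # either end is still treated as a dictionary word.
    core = password.strip(string.digits + string.punctuation + " ").lower()
    if core in {w.lower() for w in wordlist}:
        reasons.append("dictionary word: " + core)
    return groups, bad, reasons


# Constructed sample data, not real accounts or a real word list.
SAMPLE_INFO = ["jmueller", "12.04.1990", "B-XY 1234"]
SAMPLE_WORDS = ["sommer", "password", "university"]

if __name__ == "__main__":
    for pw in ["Sommer2024!", "jmueller12041990", "Tr;9k_Wq+2v", "Pässw{rd"]:
        print(repr(pw), review_password(pw, SAMPLE_INFO, SAMPLE_WORDS))
```

A candidate is acceptable under the page's rules when the second and third results are empty; the first result shows how many of the four character groups it draws on.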

Further information on this topic

The CERT (Computer Emergency Response Team) at DFN has made further information on password security available.