Password Rules

If passwords are used for authentication in an IT system, the security of access to the system and of its access rights depends crucially on the password being used correctly. The rules listed here must be observed.

On this website you will find information on how to change or reset your password.

Password Requirements for the Windows-Campus-Account

The Windows-Campus-Account is one of the main accounts at GSI, as it is not only required in the Windows world but is also used, independent of the operating system, to access your e-mails.

Password complexity requirements

  • The password cannot contain the user's account name or more than two characters that appear consecutively in the full name of the user.
  • The password must contain characters from three of the following four categories:
    • English upper case characters (A - Z)
    • English lower case characters (a - z)
    • Base 10 digits (1 - 9)
    • Non-alphabetic characters (for example !, $, #, %)
  • These complexity requirements are enforced when passwords are changed or created.
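
The complexity rules above can be expressed as a short check. The following Python code is an added example, not GSI's or Windows' own code; it assumes case-insensitive matching against the names, ASCII punctuation as the non-alphabetic category, 0 counted as a digit, and a constructed sample user.

```python
import string

# Assumption: "non-alphabetic characters" means ASCII punctuation.
SYMBOLS = set(string.punctuation)

def categories(password):
    """Return the set of character categories present in the password."""
    found = set()
    for ch in password:
        if ch in string.ascii_uppercase:
            found.add("upper")
        elif ch in string.ascii_lowercase:
            found.add("lower")
        elif ch in string.digits:  # assumption: 0 counts as a digit too
            found.add("digit")
        elif ch in SYMBOLS:
            found.add("symbol")
    return found

def name_fragments(full_name, length=3):
    """All runs of `length` consecutive characters of the full name, lower-cased."""
    name = full_name.lower()
    return {name[i:i + length] for i in range(len(name) - length + 1)}

def check_password(password, account_name, full_name):
    """Return a list of rule violations; an empty list means the password passes."""
    problems = []
    lowered = password.lower()  # assumption: name comparisons ignore case
    if account_name and account_name.lower() in lowered:
        problems.append("contains account name")
    # "More than two consecutive characters" means any run of three from the name.
    hits = sorted(f for f in name_fragments(full_name) if f in lowered)
    if hits:
        problems.append("contains part of full name: " + ", ".join(hits))
    if len(categories(password)) < 3:
        problems.append("fewer than three character categories")
    return problems

# Constructed sample user, not a real account.
ACCOUNT, FULL_NAME = "emuster", "Erika Mustermann"

if __name__ == "__main__":
    for candidate in ["Jlmbs0q!", "alllowercase!", "Muster-2024x", "emuster#A1"]:
        result = check_password(candidate, ACCOUNT, FULL_NAME)
        print(candidate, "->", result or "ok")
```

A password that passes this check only meets the complexity requirements; the other rules on this page, such as avoiding dictionary phrases, still apply.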

Password Expiration & Temporary Account Suspension

  • A password can be used a maximum of 180 days before the system prompts the user to change it.
  • A previously used password can be used again only if at least 6 other passwords have been used in the meantime.
  • A password must be used for at least 1 day before it can be changed.
  • A user has a maximum of 50 failed logon attempts before the account will be locked out.
  • After a period of 180 minutes, the locked-out account automatically becomes unlocked. Alternatively, an administrator can reset the password.

Password management program

Given the large number of accounts and passwords to be used, it is advisable to use a password management program. We recommend KeePass (Windows, installed from the Software Center) or KeePassX (Linux, installed by default).

Save all accounts with their respective passwords in the database of the program. The database itself is secured with a master key. This master key should be sufficiently complex and is the only password you need to remember.

Please note:

  • The database is only encrypted if the program is not open (unlocked).

Other important rules for safe password use

The following rules are excerpts from information published by the Federal Office for Security in Information Technology:

  • No "dictionary" phrases, names, license plate numbers, dates of birth, etc.
  • The password must be kept secret and can only be used by the user personally.
  • The password should be put in writing for the deposit, and it is then safely stored in a sealed envelope. It has to be kept at least as safe as a bank card.
  • A proven method of password creation is to use the first letter of a sentence.
    For example "Jackdaws love my big sphinx of quartz!" becomes "Jlmbs0q!".
  • Passwords must not be stored on the programmable function keys.
  • A password should be changed if the password has become known to unauthorized persons.
  • The entry of the password should take place unobserved.
  • Please also note the information on passwords of the department for IT security.

If you have any further questions or remarks, please contact it-service.