Password Rules

If passwords are used for authentication in an IT system, the security of the entrance and the right of accesses of the system depends crucially on the fact that the password is used correctly. The rules listed here must be observed.

On this website you will find information how to change or reset your password .

Password Requirements for the Windows-Campus-Account

The Windows-Campus-Account is one of the main account Acounts in the GSI, as it not only required in the Windows world, but independent of the operating system  used to access your e-mails.

Requirements to the complexity of the password

  • The password can not contain the user's account name or more than two characters that appear consecutively in the full name of the user.
  • The password must contain characters from three of the following four categories:
    • English upper case characters (A - Z)
    • English lower case charecters (a - z)
    • Base 10 digits (1- 9)
    • Non-alphabetic characters (for example !, $, #, %)
  • These complexity requirements are enforced when passwords are changed or created.

Password Expiration & Temporary Account Suspension

  • A password canbe useda maximum of 180daysbefore the systemprompts the userto change it.
  • A previously usedpasswordin the pastcan be usedagain onlyifin the meantimeat least6 morehave been used.
  • A passwordmustbe usedat least 1 day, before it canbe changed.
  • A user hasa maximum of 50 failedlogon attempts before the account will be locked out.
  • After aperiod of 180 minutes, the locked-out accountautomatically becomes unlocked. Alternatively, an administrator can resetthe password.

Password management program

Given the large number of accounts and passwords to be used, it is advisable to use a password management program. We recommend KeePass (Windows, installed from the Software Center) or KeePassX (Linux, installed by default).

Save all accounts with the respective passwords into the database of the program. The database itself is backed up by a master key. This master key should be sufficiently complex and is the only password you need to remember.

Please note:

  • The database is only encrypted if the program is not open (unlocked).

Other important rules for safe password use

The following text is taken from excerpts of information from the Federal Office for Security in Information Technology:

  • No"dictionary"-phrases, names, license plate number,date of birth etc.
  • The passwordmust be kept secretand canonly be used bythe userpersonally.
  • The password shouldbe put in writingforthe deposit, and it is thensafely storedin a sealed envelope. Ithas to be keep as save as a bank card at least.
  • A provenmethod of passwordcreationis to usethefirst letterof a sentence.
    For example "Jackdaws love my big sphinx of quartz!" becomes "Jlmbs0q!".
  • Passwords must not bestored onthe programmable function keys.
  • A passwordshould be changed, if the passwordhas becomeknown tounauthorizedpersons.
  • Theentry of the passwordshould take placeunobserved.
  • Please also note the Information on passwords of the department for IT security.  

If you have any further questions or remarks, please contact it-service.