Safe Passwords

Guidance on what makes a password safe can be found on several different platforms.

The password rules at ETH are:

  • at least 8, max. 30 characters long
  • allowed characters (letters, numbers, special characters): a-z A-Z 0-9 #,-./:=?@[ ]^{ }~
  • no umlauts, no spaces
  • at least one special character and one number (if fewer than 12 characters)
  • no existing word (4+ letters) from a dictionary
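
The rules above written as a local check, as an added example that is not ETH's own code and runs offline. Assumptions: the dictionary rule is read as "contains no dictionary word of 4 or more letters, ignoring case", and SAMPLE_WORDS is a small constructed stand-in for a real word list.

```python
import string

# Special characters allowed by the ETH rules listed above.
SPECIALS = set("#,-./:=?@[]^{}~")
ALLOWED = set(string.ascii_letters + string.digits) | SPECIALS

# Constructed stand-in for a real dictionary file (assumption).
SAMPLE_WORDS = {"password", "summer", "teeth", "morning", "cat"}


def find_dictionary_words(password, words):
    """Return dictionary words of 4+ letters contained in the password."""
    lowered = password.lower()
    return sorted(w for w in words if len(w) >= 4 and w.lower() in lowered)


def check_password(password, words=SAMPLE_WORDS):
    """Return a list of rule violations; an empty list means it passes."""
    problems = []
    if not 8 <= len(password) <= 30:
        problems.append("length must be 8 to 30 characters")
    # Umlauts and spaces are rejected here because they are not in ALLOWED.
    bad = sorted({c for c in password if c not in ALLOWED})
    if bad:
        problems.append("characters not allowed: " + " ".join(repr(c) for c in bad))
    # The special-character and number rule only applies below 12 characters.
    if len(password) < 12:
        if not any(c in SPECIALS for c in password):
            problems.append("fewer than 12 characters: needs a special character")
        if not any(c in string.digits for c in password):
            problems.append("fewer than 12 characters: needs a number")
    hits = find_dictionary_words(password, words)
    if hits:
        problems.append("contains dictionary word(s): " + ", ".join(hits))
    return problems


if __name__ == "__main__":
    # Constructed sample inputs, not real passwords.
    for candidate in ["Summer2024", "Zürich#2024x", "kq7#vR2m", "xkqvrzmwpltbn"]:
        print(candidate, "->", check_password(candidate) or "OK")
```

The character set is the one listed above, so a character outside it, such as &, is reported even in an otherwise long password.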

Tips:

  • The password has to be at least 12 characters long.
  • It should contain capitals, lowercase letters, numbers and special characters.
  • Names of family members, friends or pets are not allowed.
  • No words from dictionaries.
  • No keyboard patterns such as asdfgh or 1234abcd.
  • Just adding a number or special character to the end or the beginning of a simple password is not a good solution.
  • Avoid password checking tools.

Note: If your system allows umlauts (äöü) or special characters, keep in mind that on another computer you might not be able to find these characters on the keyboard.

Placing a note with your password under your keyboard or behind your screen is not a good idea. If you lock your passwords up in a safe, there is no problem with writing them down.

If you have multiple passwords to remember, a password keeper such as KeePass (you can find it in the AppV-Kiosk in Tools & Accessories) could be a good solution for you. Usually these programs are also able to create strong passwords for you, so that you do not need to think of new strong passwords yourself. The best thing about using such software is that you only have to remember one master password.

A good method is this:

Think of a sentence and take the first letter of each word.

Example:

  • In the morning I stand up and brush my Teeth for 3 Minutes.
  • Only the first letters: "ItmIsuabmTf3M".
  • "i and l" look like "1", "&" replaces "and": "1tm1su&bmTf3M".


This way you get a strong password that is difficult for other people to find out.

The only important thing is that it is a sentence you make up yourself. Don't take one from a book or from song lyrics. It is also a good idea to let chance decide part of your password. For example, flip a coin to decide whether to use & or "and" in your password.

Change all your passwords regularly. We recommend changing all passwords at least every three months.

Password recycling is common, but it is a big problem. If you use the same or a very similar password for different accounts, it is easy for an attacker to find out more than one of your passwords and thereby hack more than one of your accounts.

If you get a new account, a standard password is often preset.

Hackers know this:

When attacking, the first thing they try is the preset passwords, because these are often very easy.

So please remember to change the password of a new account as soon as possible.

Especially for your WLAN router at home.

If you send your password by e-mail, it is usually unencrypted. This means it is very easy for an attacker to intercept it. You have no guarantee that only the recipient you chose is reading your mail.

If you share your password, you lose control over it. The time spent thinking of a strong password was then wasted.

Important:

Employees of ETH will never ask for your password. Even the service technician who comes to help you will never ask you for it.