Password Rules
If passwords are used for authentication in an IT system, the security of that system's access control depends on the strength of the passwords used. The rules listed here must be followed to avoid the use of weak passwords.
On this website you will find information on how to change or reset your password.
General password requirements for user accounts
The following rules apply to the main user accounts (Windows, Linux, Weblogin) at GSI/FAIR:
- Passwords must be changed at least every 24 months.
- Passwords are checked against a list of known weak passwords when changed.
- Previously used passwords must not be reused.
- Passwords must not be reused across different IT systems.
- Passwords must be at least 10 characters long.
- Passwords must contain characters from at least three of the following four character classes:
  - lower case letters
  - upper case letters
  - digits
  - symbols
Additional rules for the Windows-Campus-Account
- The password must ...
  - ... neither begin with a number nor end with a number
  - ... not repeat any of your previous six passwords
  - ... not contain your user name
  - ... not contain any “dictionary” phrases (e.g. GSI, password, pass, word, etc.)
  - ... not contain any names or license plates
  - ... not be included in the list of prohibited passwords
  - ... not be included in the list of banned passwords
  - ... differ from your previous password by more than the last character
- The maximum password length is 127 characters. Due to technical limitations in individual target systems, passwords longer than 42 characters are not advisable or may not work at all.
- A password must be in use for at least 1 day before it can be changed again.
- A user has a maximum of 50 failed logon attempts before the account is locked out.
- After 180 minutes, the locked-out account is unlocked automatically. Alternatively, an administrator can reset the password.
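The general requirements and the additional Windows rules above can be expressed as a checker that runs before a new password is accepted. The following is an added example, not code used by GSI/FAIR; the sample weak-password list and the `check_password` function are constructed here, and the password history is passed as a plaintext list only for illustration (a real system compares against stored hashes).

```python
import string

# Character classes from the general rules: at least three of the four are required.
CHAR_CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation),
}

# Constructed sample of "known weak passwords" (stand-in for the real banned list).
SAMPLE_WEAK_PASSWORDS = {"password", "password1", "gsi2024!!", "qwertyuiop"}


def differs_only_in_last_char(new, old):
    """True when `new` equals `old` except for, at most, the final character."""
    return len(new) == len(old) and new[:-1] == old[:-1]


def check_password(new, username, previous, weak_list, windows_account=True):
    """Return a list of violated rules for `new` (empty list means acceptable).

    `previous` is the password history, oldest first, most recent last.
    """
    problems = []
    # General rules for all main user accounts
    if len(new) < 10:
        problems.append("shorter than 10 characters")
    classes = sum(1 for cls in CHAR_CLASSES.values() if any(ch in cls for ch in new))
    if classes < 3:
        problems.append("fewer than three character classes")
    if new.lower() in weak_list:
        problems.append("found in list of known weak passwords")
    if new in previous:  # general rule: no previously used password at all
        problems.append("previously used password")
    # Additional rules for the Windows-Campus-Account
    if windows_account:
        if len(new) > 127:
            problems.append("longer than 127 characters")
        if new[:1].isdigit() or new[-1:].isdigit():
            problems.append("begins or ends with a digit")
        if username and username.lower() in new.lower():
            problems.append("contains the user name")
        if previous and differs_only_in_last_char(new, previous[-1]):
            problems.append("differs from previous password only in the last character")
    return problems
```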
Password management program
Given the large number of accounts and passwords in use, it is advisable to use a password management program. We recommend KeePass (Windows, installed from the Software Center) or KeePassXC (Linux, installed by default).
Store all accounts with their respective passwords in the program's database. The database itself is protected by a master key. This master key should be sufficiently complex and is the only password you need to remember.
Please note:
- The database is only encrypted while it is not open (unlocked) in the program.
Other important rules for safe password use
The following points are excerpts from information published by the Federal Office for Security in Information Technology:
- No "dictionary" phrases, names, license plate numbers, dates of birth, etc.
- The password must be kept secret and may only be used by the user personally.
- If the password is written down for deposit (escrow), it must be kept in a sealed envelope and stored at least as securely as a bank card.
- A proven method of password creation is to use the first letter of each word in a sentence. For example, "A monkey was hiding in the pinata to steal sweets!" becomes "Amwh1tptss".
- Passwords must not be stored on programmable function keys.
- A password must be changed if it has become known to unauthorized persons.
- Passwords should be entered unobserved.
Further information and videos
Please also note the information on passwords provided by the IT security department.