Schuetzen Sie Ihr Passwort/en: Difference between revisions

ZIM HilfeWiki - the wiki

(18 intermediate revisions by 3 users not shown)
Zeile 6: Zeile 6:
 
This article will help you choose a good password and use it securely.  
 
This article will help you choose a good password and use it securely.  
  
A password for the university account is generated when the account is created and can be changed at any time after logging into the [https://serviceportal.uni-paderborn.de/en/ ServicePortal]. A well-chosen password makes it more difficult for unauthorized persons to access your data and prevents misuse of your university account (viewing grades, false registration for courses, statements by e-mail in your name, ...).
+
A password for the university account is generated when the account is created and can be changed at any time after logging into the [https://serviceportal.uni-paderborn.de/en/ Serviceportal]. A well-chosen password makes it more difficult for unauthorized persons to access your data and prevents misuse of your university account (viewing grades, false registration for courses, statements by e-mail in your name, ...).
  
 
==Requirements==
 
==Requirements==
 
A password for the university account must meet at least the following requirements:
 
A password for the university account must meet at least the following requirements:
  
* The password must be '''at least 8 characters long'''.
+
* The password must be '''at least 10 characters long'''.
 
* The password must be '''no more than 25 characters long'''.
 
* The password must be '''no more than 25 characters long'''.
 
* At least one of the characters must be a '''digit''' (0-9).  
 
* At least one of the characters must be a '''digit''' (0-9).  
Zeile 18: Zeile 18:
 
* The password must '''not contain umlauts, accents, etc.'''!
 
* The password must '''not contain umlauts, accents, etc.'''!
  
You can find instructions on how to change your password in the article [[Aenderung des Kennwortes]].
+
You can find instructions on how to change your password in the article [[Aenderung des Kennwortes|Changing the Password (german)]].
  
 
However, for your password to be secure, it depends on the selection and sequence of characters and how you handle the password.
 
However, for your password to be secure, it depends on the selection and sequence of characters and how you handle the password.
Zeile 33: Zeile 33:
 
== Tips in dealing with passwords ==
 
== Tips in dealing with passwords ==
 
* Do not write down your password.
 
* Do not write down your password.
** Most importantly: Do not keep the password near your computer (e.g. Post-It on the monitor).
+
** In particular: Do not keep the password near your computer (e.g. Post-It on the monitor).
* Make sure no one is watching you enter your password.
+
* Make sure that no one is watching you enter your password.
 
* Never give your password to anyone. Not even to friends or good acquaintances.
 
* Never give your password to anyone. Not even to friends or good acquaintances.
* Avoid saving the password on the computer (browser, mail client, etc.).
+
* Avoid saving the password unencrypted on the computer (browser, Excel or Word document)
* Try to change passwords at certain intervals (6 months - 2 years).
+
* Do not send your password via email or messenger (Teams, WhatsApp etc.).
* Do not send your password via e-mail or instant messaging (ICQ, Skype, WhatsApp, etc.).
 
  
 
==Phishing mails==
 
==Phishing mails==
{{Mbox|type=error|text=The IMT staff will '''NEVER''' ask you for your password. Do '''not answer''' questions about this over the phone or email}}.
+
{{Mbox|type=error|text=The ZIM staff will '''NEVER''' ask you for your password. Do '''not answer''' questions about this over the phone or email}}
  
 
One method of attack to obtain usernames and passwords are so-called ''phishing emails''. Phishing refers to attempts to obtain an Internet user's data via fake websites, e-mail or short messages and thus commit identity theft. The aim of the scam is to use the data obtained, for example, to plunder the bank account and harm the relevant persons.
 
One method of attack to obtain usernames and passwords are so-called ''phishing emails''. Phishing refers to attempts to obtain an Internet user's data via fake websites, e-mail or short messages and thus commit identity theft. The aim of the scam is to use the data obtained, for example, to plunder the bank account and harm the relevant persons.
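Review bot: the added bullet "Avoid saving the password unencrypted on the computer (browser, Excel or Word document)" has no closing period, unlike the other bullets in this list; add it. The same hunk drops the bullet on changing passwords at intervals without a replacement, so the edit summary should say that this is intended.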
Zeile 49: Zeile 48:
 
Subject: Uni-Paderborn Email Login Warning
 
Subject: Uni-Paderborn Email Login Warning
 
Date: Thu, 16 Jan 2014 17:30:20 +0000
 
Date: Thu, 16 Jan 2014 17:30:20 +0000
From: IMT Support Team <xxxyyy@ou.edu>
+
From: ZIM Support Team <xxxyyy@ou.edu>
 
To: <xxxyyy@uni-paderborn.de>
 
To: <xxxyyy@uni-paderborn.de>
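Review bot: the From line of the sample mail is changed from "IMT Support Team" to "ZIM Support Team" although the sample is shown as a mail dated 16 Jan 2014. A mail presented as an example of a received phishing message should either stay verbatim or be labelled as adapted, so that readers do not take the new sender name for what was actually sent.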
  
Zeile 64: Zeile 63:
 
recommend all users run they updates after expected release of this patch.
 
recommend all users run they updates after expected release of this patch.
  
IMT Support Team
+
ZIM Support Team
Center for Information and Media Technologies (IMT)
+
Center for Information and Media Technologies (ZIM)
 
(05251) 60-5544
 
(05251) 60-5544
imt@upb.de <mailto:imt@upb.de>
+
zim@uni-paderborn.de <mailto:zim@uni-paderborn.de>
http://imt.uni-paderborn.de/unser-angebot/hilfe/
+
http://zim.uni-paderborn.de/unser-angebot/hilfe/
 
-------------------------
 
-------------------------
  
Zeile 81: Zeile 80:
 
The first * indicates the service, e.g. "https://webmail.uni-paderborn.de" or "https://benutzerverwaltung.uni-paderborn.de" etc.
 
The first * indicates the service, e.g. "https://webmail.uni-paderborn.de" or "https://benutzerverwaltung.uni-paderborn.de" etc.
  
Further notes and examples of phishing emails can be found at [[Hinweise_zu_Phishing-E-Mails/en]].
+
Further information and examples of phishing emails can be found at [[Hinweise_zu_Phishing-E-Mails/en]].
  
 
== Password managers ==
 
== Password managers ==
Zeile 99: Zeile 98:
 
The length of a password is crucial when assessing its security. If an attacker manages to get hold of the encrypted hash values of your password, he can try to crack it offline, i.e. without having to log in anywhere with it.
 
The length of a password is crucial when assessing its security. If an attacker manages to get hold of the encrypted hash values of your password, he can try to crack it offline, i.e. without having to log in anywhere with it.
  
In an article from 2009, the author Dirk Fox has impressively shown the connection between the length of a password and its security. The full article can be found [http://www.secorvo.de/publikationen/passwortlaengen-fox-2009.pdf here] or at (Fox, D. DuD (2009) 33: 620. doi:10.1007/s11623-009-0161-9).
+
Short passwords can be hacked this way in a few seconds.
 
 
{| class="wikitable"
 
|-
 
! Password length !! Letters only (52 characters) !! Letters, numbers & special characters (84 characters)
 
|-
 
| align=center | 6 || align=center | 0,2 s || align=center | 3,5 s
 
|-
 
| align=center | 8 || align=center | 8.75 min|| align=center | 6.7 hrs.
 
|-
 
| align=center | 10 || align=center | 16.4 days|| align=center | 5.4 years
 
|-
 
| align=center | 12 || align=center | 122 years || align=center | 38.147 years
 
|}
 
 
 
The speeds were calculated on a standard computer from 2009 with a good graphics card and an open source program.
 
  
 
==See also==
 
==See also==
* [[Informationssicherheit/Information Security]] - Overview of all articles
+
* [[Informationssicherheit|Information Security (german)]] - Overview of all articles
 
<br>
 
<br>
 
* [https://www.bsi.bund.de/EN/Themen/Verbraucherinnen-und-Verbraucher/Informationen-und-Empfehlungen/Cyber-Sicherheitsempfehlungen/Accountschutz/Sichere-Passwoerter-erstellen/Umgang-mit-Passwoertern/umgang-mit-passwoertern_node.html Recommendation from the German Federal Office for Information Security]
 
* [https://www.bsi.bund.de/EN/Themen/Verbraucherinnen-und-Verbraucher/Informationen-und-Empfehlungen/Cyber-Sicherheitsempfehlungen/Accountschutz/Sichere-Passwoerter-erstellen/Umgang-mit-Passwoertern/umgang-mit-passwoertern_node.html Recommendation from the German Federal Office for Information Security]
 
* [http://en.wikipedia.org/wiki/Phishing Wikipedia article about phishing]
 
* [http://en.wikipedia.org/wiki/Phishing Wikipedia article about phishing]
 
* [http://en.wikipedia.org/wiki/Password_manager Wikipedia article about password managers]
 
* [http://en.wikipedia.org/wiki/Password_manager Wikipedia article about password managers]
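Review bot: the sentence citing Dirk Fox's 2009 article is replaced by "Short passwords can be hacked this way in a few seconds.", which leaves the claim without a source and without saying what counts as short. Keep a reference, or tie the sentence to the 10-character minimum stated under Requirements.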

Latest revision as of 8 November 2024, 19:57

The German version can be found on the page Schützen Sie Ihr Passwort

This article will help you choose a good password and use it securely.

A password for the university account is generated when the account is created and can be changed at any time after logging into the Serviceportal. A well-chosen password makes it more difficult for unauthorized persons to access your data and prevents misuse of your university account (viewing grades, false registration for courses, statements by e-mail in your name, ...).

Requirements

A password for the university account must meet at least the following requirements:

  • The password must be at least 10 characters long.
  • The password must be no more than 25 characters long.
  • At least one of the characters must be a digit (0-9).
  • At least one of the characters must be a lowercase letter (a-z).
  • At least one of the characters must be a special character (?,!;#. etc.).
  • The password must not contain umlauts, accents, etc.!

You can find instructions on how to change your password in the article Changing the Password (German).

However, whether your password is actually secure depends on the selection and sequence of characters and on how you handle the password.

Other security measures

  • Do not use your university password for other accounts, especially external ones (Facebook, Google, ...).
  • The password or parts of the password should not be found in dictionaries (Duden, Oxford etc.) and should have no direct relation to you (no names of family members, pets or friends and no birthday data).
  • Adding simple digits at the end of the password or one of the usual special characters $ ! ? # at the beginning or end of an otherwise simple password is also not recommended.
  • Do not use repetitions or keyboard patterns (asdf, 1234, etc.).
  • Choose a password that cannot be associated with you or the service.

This makes it more difficult to guess the password through automated attacks, the so-called brute-force, dictionary or rainbow table attacks.
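The formal requirements and some of the other measures listed above can be checked mechanically. The following is an added example, not code from the ZIM wiki or the ServicePortal; the set of special characters, the reading of "no umlauts, accents, etc." as printable ASCII, and the short pattern list are assumptions.

```python
import re
import string

MIN_LEN, MAX_LEN = 10, 25           # limits from the requirements list
SPECIALS = set(string.punctuation)  # assumption: "special character" = ASCII punctuation
# Constructed sample of keyboard/sequence runs; a real check needs a longer list.
RUNS = ("qwertz", "qwerty", "asdf", "yxcv", "zxcv", "1234", "abcd")

def policy_violations(pw: str) -> list[str]:
    """Formal requirements that pw fails; an empty list means it is accepted."""
    found = []
    if len(pw) < MIN_LEN:
        found.append("too short")
    if len(pw) > MAX_LEN:
        found.append("too long")
    if not any(c in string.digits for c in pw):
        found.append("no digit")
    if not any(c in string.ascii_lowercase for c in pw):
        found.append("no lowercase letter")
    if not any(c in SPECIALS for c in pw):
        found.append("no special character")
    # Assumption: "no umlauts, accents, etc." = printable ASCII without spaces.
    if any(not 33 <= ord(c) <= 126 for c in pw):
        found.append("character outside printable ASCII")
    return found

def weakness_warnings(pw: str) -> list[str]:
    """Heuristics for the other measures; an empty list does not prove strength."""
    found, low = [], pw.lower()
    if any(run in low or run[::-1] in low for run in RUNS):
        found.append("keyboard or sequence pattern")
    if re.search(r"(.)\1\1", pw):
        found.append("repeated character")
    # A plain word with digits or $ ! ? # only bolted onto the start or end.
    if re.fullmatch(r"[$!?#]*[A-Za-z]+[0-9]*[$!?#]*", pw):
        found.append("letters with digits/specials only at the edges")
    return found

if __name__ == "__main__":
    # Constructed sample passwords, not taken from the page.
    for sample in ("Sommer2024!", "asdf1234asdf!", "pässwort123!", "v7#Lq2m!Rtz9e"):
        print(sample, policy_violations(sample), weakness_warnings(sample))
```

A password such as "Sommer2024!" passes every formal requirement and is still flagged by the heuristics, which is the gap between the two lists.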

Tips in dealing with passwords

  • Do not write down your password.
    • In particular: Do not keep the password near your computer (e.g. Post-It on the monitor).
  • Make sure that no one is watching you enter your password.
  • Never give your password to anyone. Not even to friends or good acquaintances.
  • Avoid saving the password unencrypted on the computer (browser, Excel or Word document).
  • Do not send your password via email or messenger (Teams, WhatsApp etc.).

Phishing mails

One attack method for obtaining usernames and passwords is the so-called phishing email. Phishing refers to attempts to obtain an Internet user's data via fake websites, e-mail or short messages and thus commit identity theft. The aim of the scam is to use the data obtained, for example, to plunder the bank account and harm the persons concerned.

An example of a typical phishing e-mail:

Subject: Uni-Paderborn Email Login Warning
Date: Thu, 16 Jan 2014 17:30:20 +0000
From: ZIM Support Team <xxxyyy@ou.edu>
To: <xxxyyy@uni-paderborn.de>

University of Paderborn - The University of the Information Society

We notice a login with valid password your Uni-Paderborn-email-account from a unknown device 
by Thursday, January 16, 2014 18:32 CET from Peru.

You was? If yes, you can ignore the rest of this email.

If is it you not, please REGISTER HERE account information [link removed] to protect your Uni-Paderborn-email-account
and protect your Uni-Paderborn from potential future account compromittion.
The Office of Inforamtion Security keep this actualised if information change, but we 
recommend all users run they updates after expected release of this patch.

ZIM Support Team
Center for Information and Media Technologies (ZIM)
(05251) 60-5544
zim@uni-paderborn.de <mailto:zim@uni-paderborn.de>
http://zim.uni-paderborn.de/unser-angebot/hilfe/
-------------------------

© 2014 University of Paderborn. 

Pay particular attention to the correctness of links in an email. The URL specified in the text does not have to correspond to the link destination.

If we ask you to authenticate yourself on one of our websites, please pay attention to the following characteristics:

The address is in the form https://*.UNI-PADERBORN.DE/* and is identified by a valid security certificate. The first * indicates the service, e.g. "https://webmail.uni-paderborn.de" or "https://benutzerverwaltung.uni-paderborn.de" etc.
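The two checks described above (compare the link destination with the visible text, and accept only https://*.uni-paderborn.de/*) can be written as follows. This is an added example, not code from the ZIM wiki; the function names, the sample mail body and the example.net host are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "uni-paderborn.de"  # from the pattern https://*.UNI-PADERBORN.DE/*

def is_trusted_login_url(url: str) -> bool:
    """True only for https URLs whose real host is a subdomain of TRUSTED_DOMAIN.
    Certificate validity is checked by the browser, not here."""
    url = url.strip()
    # Browsers read "\" as "/"; reject it, and any whitespace or control character.
    if "\\" in url or any(ord(c) < 33 for c in url):
        return False
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    host = (parts.hostname or "").lower().rstrip(".")
    # hostname excludes any "user@" prefix; requiring the leading dot rejects
    # look-alike registrations that merely end in the trusted name.
    return parts.scheme == "https" and host.endswith("." + TRUSTED_DOMAIN)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a href=...> in an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def suspicious_links(html_body: str) -> list[tuple[str, str]]:
    """Links whose destination is not a trusted address, whatever the text says."""
    collector = LinkCollector()
    collector.feed(html_body)
    collector.close()
    return [(h, t) for h, t in collector.links if not is_trusted_login_url(h)]

# Constructed mail body: the visible text shows one address, the href another.
SAMPLE = ('<p><a href="http://login.example.net/upb">https://webmail.uni-paderborn.de'
          '</a> or <a href="https://webmail.uni-paderborn.de/">webmail</a></p>')
```

Calling `suspicious_links(SAMPLE)` returns only the first link, whose visible text names the university webmail while the destination is a different host over plain http.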

Further information and examples of phishing emails can be found at Notes on Phishing E-Mails.

Password managers

Password managers make it easier to use, manage, and securely store your passwords. A password manager stores and encrypts passwords and associated accounts using a master password or key file, and helps keep your account data secure. This simplifies the use of, for example, particularly long and/or randomly generated passwords and thus increases security.

A well-known and frequently used open source password manager is KeePass. Instructions on how to install and use it can be found at Managing passwords with KeePass.

Mobile apps

Please note that passwords stored in apps are also at risk!

Mobile applications on standard smartphones are very popular. However, they do not disclose how they handle your credentials. In the worst case, the credentials are transmitted in clear text between the application, the app server and the university. In the best case, they are encrypted and only hash values are stored with the app provider. Unfortunately, even these hash values can be used for attacks if an attacker can get at them.

We therefore generally advise against storing access data with "mobile apps".

Password length and security

The length of a password is crucial when assessing its security. If an attacker manages to get hold of the hash value of your password, they can try to crack it offline, i.e. without having to log in anywhere with it.

Short passwords can be cracked this way in a few seconds.
