Schuetzen Sie Ihr Passwort/en: Difference between revisions

ZIM HilfeWiki - the wiki
Zeile 81: Zeile 81:
 
The first * indicates the service, e.g. "https://webmail.uni-paderborn.de" or "https://benutzerverwaltung.uni-paderborn.de" etc.
 
The first * indicates the service, e.g. "https://webmail.uni-paderborn.de" or "https://benutzerverwaltung.uni-paderborn.de" etc.
  
Further notes and examples of phishing emails can be found at [[Hinweise_zu_Phishing-E-Mails/en]].
+
Further information and examples of phishing emails can be found at [[Hinweise_zu_Phishing-E-Mails/en]].
  
 
== Password managers ==
 
== Password managers ==

Revision as of 14 September 2022, 14:41

The German version can be found on the page Schützen Sie Ihr Passwort

This article will help you choose a good password and use it securely.

A password for the university account is generated when the account is created and can be changed at any time after logging into the ServicePortal. A well-chosen password makes it more difficult for unauthorized persons to access your data and prevents misuse of your university account (viewing grades, false registration for courses, statements by e-mail in your name, ...).

Requirements

A password for the university account must meet at least the following requirements:

  • The password must be at least 8 characters long.
  • The password must be no more than 25 characters long.
  • At least one of the characters must be a digit (0-9).
  • At least one of the characters must be a lowercase letter (a-z).
  • At least one of the characters must be a special character (?,!;#. etc.).
  • The password must not contain umlauts, accents, etc.!

You can find instructions on how to change your password in the article Änderung des Kennwortes.

However, whether your password is actually secure depends on the selection and sequence of characters and on how you handle the password.

Other security measures

  • Do not use your university password for other accounts, especially external ones (Facebook, Google, ...).
  • The password or parts of the password should not be found in dictionaries (Duden, Oxford etc.) and have no direct relation to you (no names of family members, pets or friends and no birthday data).
  • Adding simple digits at the end of the password or one of the usual special characters $ ! ? # at the beginning or end of an otherwise simple password is also not recommended.
  • Do not use repetitions or keyboard patterns (asdf, 1234, etc.).
  • Choose a password that cannot be associated with you or the service.

This makes it more difficult to guess the password by automated attacks, so-called brute-force, dictionary or rainbow table attacks.

Tips in dealing with passwords
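The requirements and the additional measures above, expressed as a checker. This is an added example, not code from the ZIM or the ServicePortal; the accepted special-character set, the pattern list and the personal_terms parameter are assumptions.

```python
import re
import string

# Assumption: the page only lists "?,!;#. etc.", so all ASCII punctuation is accepted.
SPECIALS = set(string.punctuation)
# Constructed sample list of keyboard/counting fragments; extend as needed.
PATTERNS = ("asdf", "qwer", "yxcv", "1234", "abcd")


def check_password(pw, personal_terms=()):
    """Return a list of rule violations; an empty list means every check passed."""
    low, problems = pw.lower(), []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if len(pw) > 25:
        problems.append("longer than 25 characters")
    if not any(c in string.digits for c in pw):
        problems.append("no digit")
    if not any(c in string.ascii_lowercase for c in pw):
        problems.append("no lowercase letter")
    if not any(c in SPECIALS for c in pw):
        problems.append("no special character")
    if any(ord(c) > 127 for c in pw):
        problems.append("contains umlauts, accents or other non-ASCII characters")
    if any(p in low for p in PATTERNS):
        problems.append("keyboard or counting pattern")
    if re.search(r"(.)\1\1", pw):
        problems.append("repeated character run")
    # One plain word with digits appended and/or a usual special character at an edge.
    if re.fullmatch(r"[$!?#]?[A-Za-z]+\d{0,4}[$!?#]?", pw):
        problems.append("simple word decorated with digits or a special character")
    if any(t and t.lower() in low for t in personal_terms):
        problems.append("contains a term related to you or the service")
    return problems
```

A password such as "Paderborn1!" satisfies every formal requirement and is still reported, because it is a single word with a digit and a special character appended.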

  • Do not write down your password.
    • Most importantly: Do not keep the password near your computer (e.g. Post-It on the monitor).
  • Make sure no one is watching you enter your password.
  • Never give your password to anyone. Not even to friends or good acquaintances.
  • Avoid saving the password on the computer (browser, mail client, etc.).
  • Try to change passwords at certain intervals (6 months - 2 years).
  • Do not send your password via e-mail or instant messaging (ICQ, Skype, WhatsApp, etc.).

Phishing mails

One method of attack to obtain usernames and passwords is the so-called phishing email. Phishing refers to attempts to obtain an Internet user's data via fake websites, e-mail or short messages and thus commit identity theft. The aim of the scam is to use the data obtained, for example, to plunder the bank account and harm the relevant persons.

An example of a typical phishing e-mail:

Subject: Uni-Paderborn Email Login Warning
Date: Thu, 16 Jan 2014 17:30:20 +0000
From: IMT Support Team <xxxyyy@ou.edu>
To: <xxxyyy@uni-paderborn.de>

University of Paderborn - The University of the Information Society

We notice a login with valid password your Uni-Paderborn-email-account from a unknown device 
by Thursday, January 16, 2014 18:32 CET from Peru.

You was? If yes, you can ignore the rest of this email.

If is it you not, please REGISTER HERE account information [link removed] to protect your Uni-Paderborn-email-account
and protect your Uni-Paderborn from potential future account compromittion.
The Office of Inforamtion Security keep this actualised if information change, but we 
recommend all users run they updates after expected release of this patch.

IMT Support Team
Center for Information and Media Technologies (IMT)
(05251) 60-5544
imt@upb.de <mailto:imt@upb.de>
http://imt.uni-paderborn.de/unser-angebot/hilfe/
-------------------------

© 2014 University of Paderborn. 

Pay particular attention to the correctness of links in an email. The URL specified in the text does not have to correspond to the link destination.

If we ask you to authenticate yourself on one of our websites, please pay attention to the following characteristics:

The address is in the form https://*.UNI-PADERBORN.DE/* and is identified by a valid security certificate. The first * indicates the service, e.g. "https://webmail.uni-paderborn.de" or "https://benutzerverwaltung.uni-paderborn.de" etc.
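The two checks described above (link destination versus visible text, and the https://*.UNI-PADERBORN.DE/* form) applied to the links of an HTML mail body. This is an added example, not a ZIM tool; the sample mail, the .example hosts and all function names are constructed for illustration, and the check does not replace verifying the certificate.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_SUFFIX = ".uni-paderborn.de"  # from the form https://*.UNI-PADERBORN.DE/*
# Constructed sample mail body; the .example hosts are placeholders, not real indicators.
SAMPLE = (
    '<p><a href="https://webmail.uni-paderborn.de.login.example/">REGISTER HERE</a> or '
    '<a href="http://portal.example/x">https://webmail.uni-paderborn.de/</a>. '
    'Help: <a href="https://webmail.uni-paderborn.de/help">webmail.uni-paderborn.de</a></p>'
)

def is_university_url(url):
    """True only for https URLs whose host is a subdomain of uni-paderborn.de."""
    parts = urlsplit(url.strip())
    # Backslashes are rejected because browsers and urlsplit disagree on how to parse them.
    return ("\\" not in url and parts.scheme == "https"
            and (parts.hostname or "").endswith(TRUSTED_SUFFIX))

class LinkCollector(HTMLParser):
    """Collects [visible text, href] for every <a> element of an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append(["", dict(attrs).get("href") or ""])
            self._open = True

    def handle_data(self, data):
        if self._open:
            self.links[-1][0] += data

    def handle_endtag(self, tag):
        self._open = self._open and tag != "a"

def audit(html):
    """Return (text, href, findings) per link; an empty findings list means not flagged."""
    collector = LinkCollector()
    collector.feed(html)
    report = []
    for text, href in collector.links:
        text, findings = text.strip(), []
        if not is_university_url(href):
            findings.append("destination is not https://*.uni-paderborn.de/")
        # Heuristic: only link text that looks like an address is compared with the target.
        shown = urlsplit(text if "://" in text else "//" + text).hostname
        if "." in text and " " not in text and shown != urlsplit(href).hostname:
            findings.append("visible address differs from destination")
        report.append((text, href, findings))
    return report
```

The host is taken from the parsed URL rather than matched as a substring, so a university name placed in the user-info part or as a prefix of another domain does not pass.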

Further information and examples of phishing emails can be found at Notes on Phishing E-Mails.

Password managers

Password managers make it easier to use, manage, and securely store your passwords. A password manager stores and encrypts passwords and associated accounts using a master password or key file, and helps keep your account data secure. This simplifies the use of, for example, particularly long and/or randomly generated passwords and thus increases security.

A well-known and frequently used open source password manager is KeePass. Instructions on how to install and use it can be found at Managing passwords with KeePass.

Mobile apps

Please note that passwords stored in apps are also at risk!

Mobile applications on standard smartphones are very popular. However, they do not disclose how they handle your credentials. In the worst case, they are transmitted in clear text between the application, app server and university. In the best case, encryption takes place and only encoded hash values are stored with the app provider. Unfortunately, even these hash values can be used for attacks if an attacker can get at them.

We therefore generally advise against storing access data with "mobile apps".

Password length and security

The length of a password is crucial when assessing its security. If an attacker manages to get hold of the encrypted hash values of your password, he can try to crack it offline, i.e. without having to log in anywhere with it.

In a 2009 article, the author Dirk Fox impressively showed the connection between the length of a password and its security. The full article is available at (Fox, D. DuD (2009) 33: 620. doi:10.1007/s11623-009-0161-9).

| Password length | Letters only (52 characters) | Letters, numbers & special characters (84 characters) |
|---|---|---|
| 6 | 0.2 s | 3.5 s |
| 8 | 8.75 min | 6.7 hrs. |
| 10 | 16.4 days | 5.4 years |
| 12 | 122 years | 38,147 years |

The speeds were calculated on a standard computer from 2009 with a good graphics card and an open source program.
