My secure password

From BIS Wiki

AUTOMATIC TRANSLATION OF THIS PAGE IN GERMAN

Secure passwords are important to protect your valuable data and accounts from unauthorised access. As an employee in particular, you are also responsible for protecting the information you have access to about colleagues or students, and choosing a secure password is the basis for this.

Proven tips and methods

  • Longer passwords are more difficult to crack. A good password should have at least 12 characters and consist of a combination of upper and lower case letters, numbers and special characters.
  • A unique password should be used for each account to prevent attacks that reuse lost passwords.
  • Passwords should never be passed on to colleagues or fellow students.
  • The use of easily guessable information such as names, personal information, dates of birth or common words from the dictionary is taboo.
  • Wherever possible, two-factor authentication (2FA) should be used. This additional security layer requests further information in addition to the password, such as a code generated by the smartphone or a special device (token).
  • One master password for everything: A password manager can help to create and store passwords securely. A separate provider such as KeePass or Bitwarden should be used for this purpose. Password managers that are integrated directly into the browser are not recommended.
  • If there is a suspicion that an account has been hacked, the password must be changed immediately. There is a separate section on this topic below.
  • Services such as "Have I Been Pwned" can help you to regularly check whether your own access data has been part of data leaks. If the check finds a hit, the password should be changed immediately. The password change page performs this check automatically, as does the password test page.

Tips for memorising passwords easily

Combining character types

It is recommended to use a sufficiently long word and to cleverly replace individual letters with numbers and special characters. This could look like this, for example: "R0s1n3nbrotb@um". It is important to ensure that the word contains upper case letters, lower case letters, numbers and special characters. The characters that can be used are shown directly on the password change page and also on the password test page.

Using the "mnemonic" technique

Use a sentence or a short story to better memorise passwords. The first character of each word in the sentence is used.

Example sentence: "My cat's name is Luna and she's 3 years old since yesterday!"

Password: "McniLas3Yosy!"

Using passphrases

A passphrase is a sequence of random words that is easy to remember but difficult to guess.

Example: "Pigeon sock hammer plant 3"

To make it easier to remember the random words, you can picture a moving scene: the 'pigeon' flies with the 'sock' (above the head) like a 'hammer' into the 'plant'. As passphrases contain only a few character types, they should be at least 20 characters long. They must also contain upper and lower case letters and a number.
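The passphrase method above only works if the words really are random. The following sketch is an added example, not part of the original page or of any BIS tool: it draws words with Python's `secrets` module, enforces the rules stated above, and shows how strength depends on the size of the word list. The word list, function names and phrase layout are assumptions made for illustration.

```python
import math
import secrets

MIN_LENGTH = 20  # minimum passphrase length given on this page

# Constructed sample list, far too small for real use: a practical list holds
# thousands of words (7776 for a dice-based list).
WORDS = ["pigeon", "sock", "hammer", "plant", "river", "candle", "window",
         "tractor", "pebble", "lantern", "biscuit", "anchor", "meadow",
         "violin", "cactus", "ladder"]

def meets_passphrase_rules(phrase):
    """Page rules: at least 20 characters, upper and lower case, and a number."""
    return (len(phrase) >= MIN_LENGTH
            and any(c.isupper() for c in phrase)
            and any(c.islower() for c in phrase)
            and any(c.isdigit() for c in phrase))

def generate_passphrase(words=WORDS, n_words=4):
    """Build a phrase shaped like 'Pigeon sock hammer plant 3' from random words."""
    # secrets draws from the operating system's CSPRNG; the random module does not.
    chosen = [secrets.choice(words) for _ in range(n_words)]
    digit = str(secrets.randbelow(10))
    # Short words can leave the phrase under the minimum: add words, never padding.
    while len(" ".join(chosen)) + 1 + len(digit) < MIN_LENGTH:
        chosen.append(secrets.choice(words))
    chosen[0] = chosen[0].capitalize()
    return " ".join(chosen + [digit])

def entropy_bits(n_words, list_size):
    """Lower bound on guessing entropy when the attacker knows list and scheme."""
    return n_words * math.log2(list_size) + math.log2(10)

if __name__ == "__main__":
    print(generate_passphrase())
    print(f"4 words from 16:   {entropy_bits(4, 16):.1f} bits")
    print(f"4 words from 7776: {entropy_bits(4, 7776):.1f} bits")
```

With the 16-word sample list, four words give only about 19 bits, while the same four words drawn from a 7776-word list give about 55 bits, so the list size matters more than the capital letter and the digit.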

If you have any further questions, please contact your IT department assistants.

Where can I change my password?

On this page:

https://login.uni-bielefeld.de/kv/password

When a new password is set, the system checks whether it fulfils the requirements in the Basic Information Security Regulations of the University (in German) (minimum length 12 characters). At the same time, a check is carried out against a list of stolen passwords based on the list of the "Have I Been Pwned" service. A password that is on this list cannot be used either.
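The two checks described above can be pictured as follows. This is an added sketch, not the university's implementation: it assumes the stolen-password list is held as `SHA1HASH:count` lines, the format in which the Pwned Passwords data is distributed, and all sample entries, counts and function names are constructed for illustration.

```python
import hashlib

MIN_LENGTH = 12  # minimum length stated on this page

def sha1_hex(password):
    """Upper-case SHA-1 hex digest, the form used in Pwned Passwords hash lists."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def load_breach_list(lines):
    """Parse 'HASH:count' lines into {hash: count}; skip blank or malformed lines."""
    breached = {}
    for line in lines:
        digest, sep, count = line.strip().partition(":")
        if sep and len(digest) == 40 and count.isdigit():
            breached[digest.upper()] = int(count)
    return breached

def check_new_password(password, breached):
    """Return the rejection reasons; an empty list means the password is accepted."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    # The list stores hashes only, so the candidate is hashed before the lookup.
    seen = breached.get(sha1_hex(password), 0)
    if seen:
        reasons.append(f"found in stolen-password list ({seen} occurrences)")
    return reasons

# Constructed sample list: hashes are computed here and the counts are made up.
SAMPLE_LIST = [f"{sha1_hex(p)}:{n}" for p, n in
               [("password1234", 5120), ("qwertyuiop12", 870), ("Summer2024!!", 42)]]
SAMPLE_LIST.append("not-a-valid-line")  # malformed entry, ignored by the parser

BREACHED = load_breach_list(SAMPLE_LIST)

if __name__ == "__main__":
    for candidate in ["short", "Summer2024!!", "Tr4ctor-pebble-Lantern"]:
        print(candidate, "->", check_new_password(candidate, BREACHED) or "accepted")
```

"Summer2024!!" is 12 characters long and uses all four character types, yet it is rejected because it appears in the constructed list: the length rule and the list check catch different weaknesses.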

If you want to test whether a new password would be accepted before setting it, you can use the password test page:

https://login.uni-bielefeld.de/kv/pwtest

How can I recognise if my password has been stolen or if someone is trying to steal it?

You can view your login history on the 'My account' page:

https://login.uni-bielefeld.de/kv/

This page displays the last seven days on which logins or login attempts with your account have occurred via the login page. Further information on the procedure can be found here.

Note: Logins via other login masks are not documented here.

Use of two-factor authentication

An effective means of increasing the security of your own account is the use of two-factor authentication, which can be activated in just a few steps.

The additional password

The so-called 'additional password' is an additional password for some special BIS applications. This function is only relevant for staff, people who have received corresponding instructions from BIS Support.

The purpose of the additional password is to be able to use a secure password in places where the other security functions of the login cannot take effect. The password is therefore not entered by you, but is generated by the system as a random value.

You can create an additional password on the 'My Account' page; the corresponding option is available in the right-hand side menu. The additional password is displayed on the page immediately after it has been generated; you can copy it from there and save it in a password manager, for example.

If you no longer know the additional password, you can simply delete it and generate a new one, which will be valid from then on.