Information Security

Dansk

 Information Security Password

Passwords

RULE: Passwords and PIN codes

AU employees are issued with passwords for IT systems at AU as well as a key card with a PIN code that gives access to the parts of the university where they work.

Students are also issued with a password for part of the university's IT systems as well as a student ID card with a PIN code.

  • Passwords and PIN codes are personal, and must not be shared with others – even IT staff at AU.
  • Computers and mobile devices belonging to AU must have an automatic screen lock.

If you suspect that others may know your PIN codes or passwords, please report this to your local IT support team and then change the code.

IT support - staff

IT support - students

RULE: Requirements for passwords

  • A password must contain at least 12 characters. Longer passwords may be required for privileged access when accessing sensitive information or business-critical systems.
  • A password must contain combinations from at least three of the following categories: Upper case letters, lower case letters, numbers and special characters. Æ, Ø, Å cannot be used for AU's systems.
  • You may not reuse passwords for AU's systems, for example to access external websites and system accounts. 

TIP: Make strong passwords and remember them

  • A password must be strong. Make sure that it is not easy to guess your password.
  • A password should not contain personal information. Many people use birth dates, names, addresses and similar as passwords, but they are relatively easy to guess for people with sinister intentions.
  • You can create and remember a password based on a sentence or a passphrase, for example.

Password based on sentences

  • It is easier to remember a sentence than a random order of letters, numbers, special characters, etc. You can use this to create a password as a number of characters based on a sentence. For example, Lauritz has been rector of Aarhus University for more than four years. This sentence can be translated into the following password: LhbRoAU>4yrs.
  • Without the sentence, this password would probably be almost impossible to remember, but the sentence makes it very easy to remember.
  • You can expand the system, for example by replacing specific letters with numbers or special characters. E.g. $ instead of S.

Password = passphrase

  • You can also use passphrases as your password. These are whole sentences used as passwords.
    For example, Peter has 1 yellow Volvo, but it looks brown. 
  • This passphrase is a good example because it is relatively easy to remember, fairly complex, difficult to guess and so long that trying to guess it would be impossible.
  • The downside is that not all systems support passphrases. 
  • You can often work around this by removing "spaces" and other not "normal" characters, so the sentence instead looks like this Peterhas1yellowVolvo,butitlooksbrown.
  • If it is possible to use passphrases, be careful not to use passphrases that are "easy" to guess, for example "Old MacDonald had 1 farm". Famous quotes and songs, etc. are probably already on the hackers’ passphrase lists, making them easier to guess.

TIP: How to change your password

It is a good idea to change passwords on your devices regularly. Click here to find out how to change your passwords.

TIP: Remember to lock your computer

Always use screen lock, no matter where you are, so that unauthorised persons cannot access AU data. 

If you are unsure about how to do this, click here.

Revised 06.01.2023
-
Informationssikkerhed