Password security

The most important tips for a secure password

You use passwords every day: for your TU-ID, for the central IT services of TU Darmstadt, to unlock your smartphone, or to log in to e-commerce platforms and social media. Anyone who knows your access data can misuse it and, for example, read your e-mails or make purchases at your expense. So choose secure passwords and keep them secret.

What does a secure password look like? And how can you remember a good password? Below we have summarised the most important tips for you. For the secure handling of passwords and for further details, see the password guideline of TU Darmstadt.

With the new password policy, you will need to change your TU-ID password once by April 30, 2022 and bring it into line with the new standard. This is easily done in the IDM portal via the “Change password” link.

To make changing your password as smooth as possible, we have put together a number of helpful tips and hints for you in this handout.

At a glance

A secure password...

  • is at least 12 characters (20 for administrative accounts) long. The basic rule: the longer, the better!
  • preferably contains upper- and lower-case letters, numbers and special characters (?!%+…).
  • does not contain personal data such as the name of a family member, your own pet, etc.
  • is not found in the dictionary.
  • is not just a simple word with a single number or one of the usual special characters ($, !, ?, #) added at the beginning or end.
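As an added example (not code from the TU Darmstadt page or its IT services), the following Python function applies the rules above to a candidate password and reports every rule it breaks. The dictionary and the personal terms are constructed placeholders; a real check would use a large cracking wordlist and the account holder's own names, pet names and dates.

```python
import re

# Constructed sample data for illustration only. A real check would load a
# large cracking wordlist and the account holder's own personal terms.
DICTIONARY_WORDS = {"password", "sunshine", "welcome", "summer", "qwerty"}
PERSONAL_TERMS = {"bello", "mueller", "anna"}  # constructed: pet and family names


def character_classes(pw: str) -> set:
    """Return which of the four character classes the password uses."""
    classes = set()
    for ch in pw:
        if ch.islower():
            classes.add("lower")
        elif ch.isupper():
            classes.add("upper")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("special")
    return classes


def core_word(pw: str):
    """If pw is a plain word with at most one digit or one of $ ! ? # at the
    start or end, return the bare word in lower case; otherwise None."""
    m = re.fullmatch(r"[0-9$!?#]?([A-Za-z]+)[0-9$!?#]?", pw)
    return m.group(1).lower() if m else None


def check_password(pw: str, admin: bool = False,
                   dictionary=DICTIONARY_WORDS, personal=PERSONAL_TERMS) -> list:
    """Return a list of rule violations; an empty list means the password
    passes every check from the list above."""
    findings = []

    # Rule 1: minimum length, stricter for administrative accounts.
    minimum = 20 if admin else 12
    if len(pw) < minimum:
        findings.append(f"too short: {len(pw)} < {minimum}")

    # Rule 2: mix of character classes (at least three of the four).
    classes = character_classes(pw)
    if len(classes) < 3:
        findings.append("uses only " + "/".join(sorted(classes)) + " characters")

    # Rule 3: no personal data anywhere in the password.
    low = pw.lower()
    for term in sorted(personal):
        if term in low:
            findings.append(f"contains personal term '{term}'")

    # Rule 4: not a dictionary word ...
    if low in dictionary:
        findings.append("is a dictionary word")

    # Rule 5: ... and not a dictionary word dressed up with one digit/special.
    core = core_word(pw)
    if core and core != low and core in dictionary:
        findings.append("is a dictionary word with one digit/special character added")

    return findings


if __name__ == "__main__":
    for candidate in ["password", "Sunshine1", "Bello2019!Anna", "1gu1tM&bmT3Ml"]:
        print(candidate, "->", check_password(candidate) or "OK")
```

Running the block checks four constructed candidates, including the page's own mnemonic example "1gu1tM&bmT3Ml", which passes the user rules but is still too short for an administrative account.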

But how do you remember such a password?

A popular method works like this: think of a sentence and use only the first letter of each word (or only the second, or the last, etc.). Then replace certain letters with numbers or special characters, and capitalise some of them.

For example: “I get up in the morning and brush my teeth three minutes long.” Only the first letters: “Iguitmabmttml”. Then “i” becomes “1” because it looks alike, “&” replaces “and”, “3” replaces “three”, and the nouns get capital letters: “1gu1tM&bmT3Ml”.
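The method above as an added Python example, not code from the original page: the sentence, the letter position, the word and letter substitutions, and the nouns to capitalise are passed in explicitly (a program cannot know which words you consider nouns). It reproduces the page's worked example and also shows the “last letter” variant.

```python
import re

# The page's own example sentence, used here as sample input.
EXAMPLE_SENTENCE = "I get up in the morning and brush my teeth three minutes long."


def mnemonic_password(sentence: str, position: int = 0,
                      word_subs=None, letter_subs=None, capitalise=None) -> str:
    """Derive a password from a memorable sentence.

    position     which letter of each word to keep (0 = first, 1 = second, -1 = last)
    word_subs    whole words replaced by a symbol, e.g. {"and": "&", "three": "3"}
    letter_subs  single letters replaced by look-alikes, e.g. {"i": "1"}
    capitalise   words (the nouns) whose letter is written in upper case
    """
    word_subs = word_subs or {}
    letter_subs = letter_subs or {}
    capitalise = capitalise or set()
    out = []
    for word in re.findall(r"[A-Za-z]+", sentence):
        key = word.lower()
        if key in word_subs:            # "and" -> "&", "three" -> "3"
            out.append(word_subs[key])
            continue
        # Clamp the position so short words (like "I") still contribute a letter.
        idx = position if -len(word) <= position < len(word) else -1
        letter = word[idx]
        if key in capitalise:           # nouns get a capital letter
            letter = letter.upper()
        letter = letter_subs.get(letter.lower(), letter)  # "i" / "I" -> "1"
        out.append(letter)
    return "".join(out)


if __name__ == "__main__":
    print(mnemonic_password(EXAMPLE_SENTENCE))          # plain first letters
    print(mnemonic_password(EXAMPLE_SENTENCE, position=-1))  # last letters
    print(mnemonic_password(EXAMPLE_SENTENCE,
                            word_subs={"and": "&", "three": "3"},
                            letter_subs={"i": "1"},
                            capitalise={"morning", "teeth", "minutes"}))
```

The function only illustrates the transformation; the sentence you actually use belongs in your head, not in a script or a file, since anyone who finds the sentence and the substitution rules has the password.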

Of course there are many other tricks and methods that work just as well.

You can find detailed information on the pages of the Federal Office for Information Security (BSI).

Tip: Use a password manager

If you choose a separate, secure password for each service, you have a lot to remember. Password managers help you create and remember secure passwords, and there are some good free ones. Read more on the page “password manager”.

Even if this is difficult for rarely used access data, as a matter of principle you should not write down passwords.

Read also the BSI recommendation: How password managers protect data.

A common problem is the habit of using the same password for many different purposes or accounts. If the password of a single application falls into the wrong hands, the attacker gains access to your other applications as well: for example, your e-mail mailbox or all of the information on your PC.

Many software products ship with empty or generally known passwords on the accounts created during installation (the factory-default state). Attackers know this: in an attack, they first check whether you have forgotten to assign new passwords to these accounts. It is therefore advisable to read the manuals to find out whether such accounts exist and, if so, to protect them with individual passwords.

Common operating systems can lock the keyboard and screen automatically after a period of inactivity; unlocking is then only possible after entering the correct password. Use this option! Without password protection, unauthorised third parties can gain access to your PC while you are temporarily away. Our recommendation: 5 minutes after the last user input. You can also activate the lock immediately when needed (for example on Windows: press “WINDOWS key + L”).

You should change a password whenever you suspect that it has fallen into someone else's hands. This is the case, for example, if passwords have been stolen from a service provider you use. Likewise, a spam or phishing e-mail that contains your personal data can mean that someone has obtained data from one of your accounts.

If you notice that your device is infected with malware, change your passwords as well, but only after cleaning the device. Some malicious programs record credentials and transmit them to third parties.

If you suspect that the password to your TU-ID has been stolen or that your device has been infected with malware, contact us immediately at .