Password security

The most important tips for a secure password

You use passwords every day, whether for your TU ID, to use central IT services at the TU Darmstadt, to unlock your smartphone or as a log-in for e-commerce platforms or social media channels. Anyone who knows your access data can misuse them and, for example, read your e-mails or make purchases at your expense. Therefore choose secure passwords and keep them secret.

What does a secure password look like? And how can you remember a good password? Below we have summarised the most important tips for you.

At a glance

A secure password...

  • is at least 9 characters long. Basically: The longer, the better!
  • contains upper and lower case letters, numbers and special characters (?!%+…).
  • is not the name of a family member, your own pet, etc.
  • is preferably not found in the dictionary.
  • is not just a simple password with a single number or one of the usual special characters ($, !, ?, #) at the beginning or end of the word.
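
The rules in this list can be checked automatically. The following Python function is an added example, not part of the original page; the names `check_password` and `is_affix` are hypothetical, and the word list is a small constructed stand-in for a real dictionary and a list of personal names.

```python
MIN_LENGTH = 9           # minimum length given in the list above
USUAL_SPECIALS = "$!?#"  # the "usual special characters" named in the list
# Constructed stand-in (assumption): a real check would load a full
# dictionary plus names of family members and pets.
SAMPLE_WORDS = {"password", "darmstadt", "sunshine", "football", "bello"}


def is_affix(char):
    """True for a number or one of the usual special characters."""
    return char.isdigit() or char in USUAL_SPECIALS


def check_password(password, words=SAMPLE_WORDS):
    """Return the rules from the list above that the password breaks."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 9 characters")
    classes = {
        "lower case letter": str.islower,
        "upper case letter": str.isupper,
        "number": str.isdigit,
        "special character": lambda c: not c.isalnum(),
    }
    for name, test in classes.items():
        if not any(test(c) for c in password):
            problems.append("no " + name)
    lowered = password.lower()
    if lowered in words:
        problems.append("dictionary word or name")
    # Strip at most one number/special character from each end and see
    # whether a plain word remains, e.g. "Sunshine1" or "!football".
    start = 1 if lowered and is_affix(lowered[0]) else 0
    end = len(lowered) - 1 if len(lowered) > start and is_affix(lowered[-1]) else len(lowered)
    core = lowered[start:end]
    if core != lowered and core in words:
        problems.append("simple word plus one number/special character")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, not real credentials.
    for candidate in ("bello", "Sunshine1", "!football", "Iguitm&bmt7"):
        print(candidate, "->", check_password(candidate) or "no rule broken")
```

An empty result only means that none of these rules is broken; it does not measure how hard the password is to guess.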

But how do you remember such a password?

A popular method works like this: Think of a sentence and use only the 1st letter of each word (or only the 2nd or last etc.). Then convert certain letters into numbers or special characters.

For example: “I get up in the morning and brush my teeth.” Only the first letters: “Iguitmabmt”. “i” looks like “1”, “&” replaces the “and”: “1gu1tm&bmt”.

Of course there are many other tricks and methods that work just as well.

You can find detailed information on the pages of the Federal Office for Information Security (BSI).

Tip: Use a password manager

If you choose a separate, secure password for each service, you have a lot to remember. Password managers help you remember and create secure passwords. Some good ones are free. Read more on the page “password manager”.

Even if it is difficult with rarely used access data – as a matter of principle you should not write down passwords.

Also read the BSI recommendation: How password managers protect data.

One problem is the habit of using the same password for many different purposes or accounts. If the password of a single application falls into the wrong hands, the attacker would have access to your other applications as well. This could be, for example, your mailbox or all of the information on your PC.

For many software products, empty passwords or generally known passwords are used in the accounts during installation (or in the delivery state). Hackers know this: in the event of an attack, they first try to find out whether you have forgotten to assign new passwords to your accounts. It is therefore advisable to read the manuals to find out whether such accounts exist and if so, to protect them with individual passwords.

Common operating systems let you lock the keyboard and screen after a certain waiting period. Unlocking is only possible after entering the correct password. Use this option! Without password protection, unauthorised third parties can gain access to your PC while you are temporarily away. Our recommendation: 5 minutes after the last user input. In addition, you can activate the lock immediately if necessary (for example with Windows operating systems: press “WINDOWS key + L”).

You should change a password if there is a suspicion that it has fallen into someone else's hands. This is the case, for example, if passwords of a service provider you use have been stolen. Also, a spam or phishing e-mail that contains your personal data can mean that someone has grabbed data from one of your accounts.

If you notice that your device is infected with a malicious program, change your password as well – but only after cleaning the device. Some malicious programs record credentials and transmit them to third parties.

If you suspect that the password to your TU-ID has been stolen or that your device has been infected with malware, contact us immediately at .