AAU logo

password

Passwords help ensure that personal and confidential information is protected against access by unwanted persons. However, hackers often gain access to this important information through weak or leaked passwords. In many cases, passwords are easy to grab and crack.

So: Avoid re-using your passwords. Don't share your passwords with others. Select a strong password for AAU access control.

Learn more about creating a good password below.

Tips on passwords

  • +

    Tips on passwords


    Re-using passwords poses a very high risk that a hacker gains access not only to one system, but to many systems, when a password is leaked or otherwise compromised.

    Here are some rules to help you create a strong password.

    • Long – it must be a minimum of 14 characters
    • Unpredictable  – it must be known by you only and very hard to guess for other people
    • Unique – your password must be unique for each system. Never re-use due to safty.

    It must contain 3 of the following 4 categories,

    • Capital letters (only A-Z)
    • Small letters (only a-z)
    • Numbers (0-9)
    • Special characters (e.g. @ # $ _ % ^ & * - ! + =( ) [ ] { } | \ : ' , . ? / ` ~ ";)


    Don’t use your own name, family names or pet names, and the birthdays of your own or family members. If hackers try to figure out your password, these will be some of first things they try.
    The length of your password is more important for security than complexity. Make sure you create a long password, using the required characters and letters.

    It might be easier for you to remember a sentence rather than a random combination of numbers, letters, etc. So you may choose your password to be a series of characters coming from one sentence. For example: I have worked at Aalborg University for over 5 years. The sentence could be converted as follows: IhwaAAU>5y
    Without the mnemonic phrase, this password would probably be close to impossible to remember, but with the mnemonic phrase it is suddenly possible to remember.

    Long passwords can be hard to remember. So you can use a sentence as a password. The sentence should be easy for you to remember, but hard for others to guess, and long enough that it is not possible to figure out.
    An example could be: Jens has 1 car, but bikes to work
    Not all systems support spaces, so we recommended omitting spaces between words.
    The password will thus be: Jenshas1car,butbikestowork

    Make your passwords more complex and hard to guess by using,

    • Intentional spelling mistakes such as tobeeornottobee
    • Combinations with uppercase letters where the first, second or last letter of each word is made uppercase, such as tObEoRnOttObE
    • Replacement of letters and words with numbers and special characters that are similar to what they replace such as 2b30rn0t2b3 or w0rk!ng@AAU>5y3ars
    • A combination of the above.

    See more under Password Policy at AAU www.en.its.aau.dk/instructions/Change+password/password+policy/
     

  • +

    Remember all your passwords with a password manager

    Most people have many different passwords. The ones we use daily we can probably remember, but the ones we only need to use once in a while can be difficult to remember.

    Instead of writing all your passwords down on little scraps of paper and storing them under the keyboard, you can use a password manager to remember your passwords. A password manager is a piece of software that can store your numerous, unique passwords in a secure way. Access to the stored passwords is protected by a master password.

    Password managers are available in many variations. Some are web based, others are actual programmes or apps that need to be installed.

    In general, make sure that the program you choose offers secure data encryption. Today, 256bit AES encryption is considered to be a secure encryption, so if the program supports this, you’re probably well protected. However, you should remember that the security will ultimately depend on the password you choose for the master password. If you choose a password that is not secure enough, or if you give it to others, then encryption will not help you.

  • +

    Change passwords if you suspect your password is compromised

    For more on how to change your AAU password, see the FAQ on password security below.

    On https://haveibeenpwned.com you can check if your own accounts have been part of a leak.

  • +

    Other tips

Password Security FAQ

  • +

    What are the requirements of an AAU password?

  • +

    How do I change my AAU password?

    You can find instructions for changing your password on www.en.its.aau.dk/instructions/Change+password/

  • +

    What do I do if I forgot my AAU password?

    You can get a new password by following the instructions here: www.nyadgangskode.aau.dk/new-password/

  • +

    What does ITS do to increase password security at AAU?

    AAU access control is a single-sign-on solution that is used for most of the AAU systems. This means you do not need different passwords to access different internal AAU systems.

    AAU access control allows three login attempts to enter the correct password. So if you enter the wrong password three times you lock your AAU account and you will need to contact ITS Support to regain access.

    Remote access to the AAU network via VPN uses two-factor authentication where your regular AAU password is supplemented with an additional verification code that is sent to your mobile phone.

Remember to:

  • Never use information connected to yourself for your password (family names, birthdays, car's registration plate etc.)
  • Never use your AAU password for systems outside AAU eg. your pivate email account
  • Never write down your password unless you keep it safe
  • Never share your password with others, even with an IT supporter

Password security