When you gain access to one or more of Aalborg University's IT systems, you also gain access to personal and confidential information that must be protected against unauthorised access. It is therefore important that you use strong passwords.

Here are some key rules for creating strong passwords:

• Long - it should be a minimum of 14 and a maximum of 28 characters.
• Unpredictable - it should be known only to you and hard for others to guess.
• Unique - the password must be unique. Never reuse the same password for multiple systems.

In addition, it must contain at least 3 of the following 4 character categories:

• Upper case (A-Z only)
• Lowercase (a-z only)
• Numbers (0-9)
• Special characters (e.g. @ # $ _ % ^ & * - ! + =( ) [ ] { } | \ : ' , . ? / ` ~ ";)

When you have a lot of different passwords, it can be difficult to remember them. Instead of writing them down on a piece of paper, you can:

• Make passwords that are easy to remember
  
  • For example, use lyrics from your favourite song combined with numbers, upper and lower case letters (e.g. IWannaDanceWithSomeb0dy)
• Use a shortened phrase as a password
  
  • For example, "Next Friday I'm off for 3 weeks and I'm going on holiday" can become "NFImof3w&Imgoh"
• Use a full sentence as your password
  
  • E.g. "ICanNeverRememberMyPassw0rds"
• Use a password manager
  
  • A password manager keeps track of all your passwords and keeps them protected behind one big master password. You probably already know that Google Chrome or your phone stores passwords and automatically fills them in for you when you log in
  • AAU does not provide a password manager
  • Make sure the password manager you choose encrypts your data securely. 256bit AES encryption is nowadays considered to be a secure encryption, so if the programme supports this, you are probably well protected

When you change your password, you may find that your new password is rejected even though it fulfils the above criteria. This may be because your password has been used before, or it may be too weak because it contains easily recognisable words or phrases.

AAU's systems check against international lists of leaked passwords, so if you try to use a password that has previously been leaked, it will also be rejected.

Change your password immediately if you have the slightest suspicion that it may have been leaked and that others may have gained access to it. See how above.

At https://haveibeenpwned.com you can check if your passwords have been leaked through a detected leak by entering your email address.

If you're curious to learn more about passwords, visit:

Centre for Cyber Security's theme on password security

Sikkerdigital.dk's advice for strong passwords