Password policy | check/reset/change the password

- In individual cases, the changes may take a few moments until all systems are synchronized.
- A changed password is then also valid for all other systems operated by the university.
 This does NOT include Webex and Adobe logins; the self-assigned passwords for these logins will not be changed.
 If necessary, use the password functions provided by these systems.
- If your data proves to be no longer valid and/or changes are not possible, please contact the administrators of your area.
- Your password must comply with the password policy, see below!

Please remember that if you change your password, the login data on all the devices you use must also be changed.

These include, for example, saved WLAN access, e-mail access with cell phones, tablets or mobile computers, VPN login data, saved access data in browsers, etc. Repeated automatic login attempts from devices can in rare cases lead to automatic, temporary blocking of the account!

The following systems are available to you for checking/changing/resetting your password:

1. checking the validity of your password in combination with your e-mail address or account name
- Self-service of the ISC |

Enter your details on the page that opens and you will be notified whether they are valid.

2. change your password
  You must know your current password and it must be valid.
- Self-service of the ISC |

Enter your details on the page that opens. Your password will be changed and you will receive a confirmation message.

- Web access to the e-mail system

3. reset/reset password
  If you no longer know your password, you can reset it using your initial password. The initial password was sent to you in writing and only you know it.

- Self-service of the ISC |

Fill in the fields with the relevant data (including the security question) and confirm the details.

Password policy

Password history: no repetition of any of the last 24 passwords
Minimum password length: 12 characters
Minimum password age: 24 hours (passwords can only be changed again after 24 hours)
The complexity requirements define the requirements for a valid password:

1. passwords must not contain the value of the AccountName (e.g. lastname_v or stnavoxx or sknavoxx) or the entire DisplayName (full name) of the user. None of these checks are case-sensitive.
The AccountName is only checked in its entirety to determine whether it is part of the password.
If the AccountName is less than three characters long, this check is skipped.
The DisplayName is analyzed for separators: Commas, periods, hyphens or hyphens, underscores, spaces, pound signs and tabs.
If one of these delimiters is found, the display name is split and all sections (tokens) determined are confirmed as not being contained in the password.
Tokens shorter than three characters are ignored and substrings of the tokens are not checked.
For example, the name "Erin M. Hagens" is split into three tokens: "Erin", "M" and "Hagens".
As the second token is only one character long, it is ignored.
This user must therefore not have a password that contains either "erin" or "hagens" as a substring anywhere in the password.

2. the password contains characters from three of the following categories:
- Capital letters of European languages (A to Z, with diacritics, Greek and Cyrillic characters).
- Special characters '-!"#$%&()*,./:;?@[]^_`{|}~+<=>
- Lowercase letters of European languages (a to z, sharp-s, with diacritics, Greek and Cyrillic characters).
- Base 10 digits (0 to 9).
Currency symbols such as Euro or British Pound are not counted as special characters for this policy setting.
Any Unicode character that is categorized as an alphabetic character but is not upper or lower case. This group contains Unicode characters from Asian languages.
- Spaces are not allowed

3. maximum password age: 365 days