Secure handling of the password

The correct handling of your password is an important prerequisite to avoid misuse of your personal user ID or improper access to your data and files.
For example, persons who come into possession of your user ID and password have the possibility of reading or deleting your e-mails under your user name, sending e-mails with dubious content, viewing and manipulating your data, starting legally binding actions or committing criminal offences in your name, spying on secret data, attacking and impairing other computer systems.
If the trail is traced, you will be held responsible first. In case of damage, they have to prove that they were not the culprit, but that someone stole the password.

In order for a secure password to remain secure, this therefore requires the correct handling of the password. Please note our recommendations for the correct handling of your password:

  • Passwords must be kept secret.
    Please remember that you are responsible for your password! Do not share your password with anyone.
  • Never reveal your password, even if asked.
    Even employees of the SCC will not ask them for their personal password, as they do not need it for their work tasks (even in the case of support) and should not know it.
  • Always enter passwords unobserved.
    Do not let anyone look over your shoulder when typing in your password!
  • Change the password immediately if there is a suspicion of knowledge by a third party.
    They should change their password as soon as they suspect that someone might know the password.
  • No storage of passwords on programmable function keys or on IT systems.
    The option »Save password« offered by many applications (especially under Windows) should never be activated, –even if it seems useful, – because the passwords are usually not sufficiently encrypted or, in the worst case, even stored in plain text on the hard disk. Also, passwords should not be stored on programmable function keys.
  • Always interrupt, lock or log off sessions.
    If you interrupt a session on a public computer, make sure that they lock the session or, if that is not possible, that they log out.
  • No reuse of already used passwords.
    Do not use passwords that you have used before.
  • No use of the password of the university account with external IT services.
    Do not use the University's account data ( login and/or password) with external IT services and do not use the same login name and/or password everywhere else. This increases the potential for misuse, as a security breach in one area can immediately affect the security of other areas. Once your password or account ( login + password) has been compromised, potential attackers could, in the worst case, abuse all services to which you have access.