Account names
The account name is not an e-mail address but a string of four (4) to eight (8) characters. Users might want to consider using their last name plus letter(s) of their first name, such as 'fmiller'. Please refrain from using funny account names or pure numbers.
Passwords
Minimum length eight (8) characters / maximum 14 characters
The password is valid for 6 months. You will get a series of warnings by email, starting 20 days in advance.
No use of words from dictionaries
Use of characters out of at least three of the following four categories:
- Upper case letters
- Lower case letters
- Numbers
- Special characters ( ! # $ % & ' ( ) * + , - . / : ; < = > ? @ [ ] ^ _ ` { | } ~ ); not allowed: \ (backslash), blank, umlauts and control characters
No use of:
- own first names
- own last names
- own account name (userid)
- special names (desy, doris, petra, hera, tesla)
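The rules above expressed as a checker. This is an added example, not DESY's own code. It assumes that "use of" a name means a case-insensitive substring match, that any character outside the four listed categories is rejected, and that the dictionary is a word list supplied by the caller; the function names and sample inputs are constructed for illustration.

```python
import string

# Special characters exactly as listed in the policy above.
SPECIALS = set("!#$%&'()*+,-./:;<=>?@[]^_`{|}~")
ALLOWED = set(string.ascii_letters + string.digits) | SPECIALS
SPECIAL_NAMES = ("desy", "doris", "petra", "hera", "tesla")

def check_account_name(name):
    """4 to 8 characters, not an e-mail address, not pure numbers."""
    return 4 <= len(name) <= 8 and "@" not in name and not name.isdigit()

def check_password(password, first_name, last_name, account, dictionary=()):
    """Return the list of violated rules; an empty list means the password passes."""
    problems = []
    if not 8 <= len(password) <= 14:
        problems.append("length must be 8 to 14 characters")
    categories = [
        any(c in string.ascii_uppercase for c in password),
        any(c in string.ascii_lowercase for c in password),
        any(c in string.digits for c in password),
        any(c in SPECIALS for c in password),
    ]
    if sum(categories) < 3:
        problems.append("fewer than three character categories")
    # Assumption: anything outside the four categories is rejected, which
    # covers backslash, blank, umlauts and control characters.
    bad = sorted({c for c in password if c not in ALLOWED})
    if bad:
        problems.append("disallowed characters: " + " ".join(repr(c) for c in bad))
    lowered = password.lower()
    own = (("first name", first_name), ("last name", last_name), ("account name", account))
    for label, value in own:
        # Assumption: "use of" a name means a case-insensitive substring match.
        if value and value.lower() in lowered:
            problems.append(f"contains own {label}")
    for name in SPECIAL_NAMES:
        if name in lowered:
            problems.append(f"contains special name '{name}'")
    for word in dictionary:  # caller-supplied word list (hypothetical)
        if len(word) >= 4 and word.lower() in lowered:
            problems.append(f"contains dictionary word '{word.lower()}'")
    return problems

if __name__ == "__main__":
    # Constructed sample inputs for the example user 'fmiller'.
    for pw in ("Tr4ffic!Lamp", "miller2024", "Petra#99 xy"):
        print(pw, "->", check_password(pw, "Frank", "Miller", "fmiller") or "ok")
```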
Dear all,
thank you for bringing users' complaints to our attention and pointing out the changes of recommendations concerning the length and complexity of passwords.
Large parts of DESY's IT infrastructure, and the account provisioning services belonging to it, have successfully undergone an ISO 27001 audit process. Part of this audit has been the password policies, which are based on German law and advisories of Germany's Federal Office for Information Security (BSI), in which the regular change of passwords is required.
Also DESY policies are taking into account technical boundary conditions. We are actively adapting to changes in the IT world and we are working on a successor of the current account provisioning service and -- of course -- adapting to changing needs is one of its main implementation goals.
For now there is no instant "remedy" possible but in the intermediate future new recommendations will be incorporated into DESY's account provisioning services.
Kind regards
Dirk
--
Dirk Jahnke-Zumbusch Deutsches Elektronen-Synchrotron DESY
IT Information Fabrics Member of the Helmholtz Association
D-22603 Hamburg Notkestrasse 85 / 22607 Hamburg