Password Policy
Password Policy at DESY
Computer Center
Password Policy at DESY
Changing the Password
Changing the password can be done with the DESY registry.
It can only be reached within the DESY-Intranet via the Registry Webinterface.
The new password is checked as follows Password Requirements.
If an account was locked the user needs to contact UCO.
Requirements for Passwords to be accepted
- Minimum length eight characters
- No use of words from dictionaries
- Use of characters out of at least three of the following four categories
- Upper case letters
- Lower case letters
- Numbers
- Special characters
- No use of
- own first names
- own last names
- own userid
- special names
- maximal 14 characters
- special characters: ! # $ % & ' ( ) * + , - . / : ; < = > ? @ [ ] ^ _ ` { | } ~
- not allowed characters: " \ blank umlaut and ctrl-character
- special names are e.g.: desy, doris, petra, hera, tesla etc.
Password Aging
It is necessary to change the password for every account at least every 6 months (180 days). Therefore every night a cron job is checking the age of all passwords and sends an e-mail to those users whose password age reached certain limits.
If a user doesn't change the password before expiring date, we lock the account for security reasons. The user gets this message several times before the expiring date.
If a user has gotten a new account or if his password was reset by the system administrator the user needs to change this first password within 5 days. We recommend, though, to do this immediately.
If an account was locked the user needs to contact UCO.