AAU logo

password

Passwords help ensure that personal and confidential information is protected against access by unwanted persons. However, hackers often gain access to this important information through weak or leaked passwords. In many cases, passwords are easy to grab and crack.

So: Avoid re-using your passwords. Don't share your passwords with others. Select a strong password for AAU access control.

Learn more about creating a good password below.

Tips on passwords

  • +

    Do not re-use your passwords

    Many people re-use passwords. Re-using passwords poses a very high risk that a hacker gains access not only to one system, but to many systems, when a password is leaked or otherwise compromised.

  • +

    Avoid using names and birthdays

    Using your own name, family names or pet names, and the birthdays of your own or family members is a widespread practice. If a hacker tries to figure out your password, these will be some of first things they try.

  • +

    Make long passwords

    The length of your password is more important for security than the complexity. So, rather than a few different special characters and numbers, use a lot of letters.

    According to the Centre for Cybersecurity, a strong password that does not contain numbers or symbols must be at least 20 characters long. AAU’s access control currently allows a maximum of 16 characters, so you are required to include special characters and/or numbers in your AAU password. See more under Password Policy at AAU: www.en.its.aau.dk/instructions/Change+password/password+policy/

  • +

    Use an abbreviated sentence as a password

    It might be easier for you to remember a sentence rather than a random combination of numbers, letters, etc. So you may choose your password to be a series of characters coming from one sentence. For example: I have worked at Aalborg University for over 5 years. The sentence could be converted as follows: IhwaAAU>5y

    Without the mnemonic phrase, this password would probably be close to impossible to remember, but with the mnemonic phrase it is suddenly possible to remember.

    Moreover, we recommend that you avoid using the Danish characters æ, ø and å, since passwords containing any of these characters may prevent you from accessing AAU’s wireless network.

  • +

    Use an entire sentence as a password

    Long passwords can be hard to remember. So you can use a sentence as a password. The sentence should be easy for you to remember, but hard for others to guess, and long enough that it is not possible to figure out.

    An example could be: Jens has 1 car, but bikes to work

    Not all systems support spaces, so we recommended omitting spaces between words.

    The password will thus be: Jenshas1car,butbikestowork

    Be aware that famous quotes and well-known song titles can be easy for a hacker to guess. Incorporate a mix of uppercase and lowercase letters, numbers, and special characters in the sentence.

  • +

    Mix upper and lower case letters, numbers and special characters

    Make your passwords more complex and hard to guess by using:

    • intentional spelling mistakes such as tobeeornottobee
    • combinations with uppercase letters where the first, second or last letter of each word is made uppercase, such as tObEoRnOttObE
    • replacement of letters and words with numbers and special characters that are similar to what they replace such as 2b30rn0t2b3 or w0rk!ng@AAU>5y3ars
    • a combination of the above.
  • +

    Remember all your passwords with a password manager

    Most people have many different passwords. The ones we use daily we can probably remember, but the ones we only need to use once in a while can be difficult to remember.

    Instead of writing all your passwords down on little scraps of paper and storing them under the keyboard, you can use a password manager to remember your passwords. A password manager is a piece of software that can store your numerous, unique passwords in a secure way. Access to the stored passwords is protected by a master password.

    Password managers are available in many variations. Some are web based, others are actual programmes or apps that need to be installed.

    In general, make sure that the program you choose offers secure data encryption. Today, 256bit AES encryption is considered to be a secure encryption, so if the program supports this, you’re probably well protected. However, you should remember that the security will ultimately depend on the password you choose for the master password. If you choose a password that is not secure enough, or if you give it to others, then encryption will not help you.

    If you need help, contact ITS Support.

  • +

    Change passwords if you suspect your password is compromised

    For more on how to change your AAU password, see the FAQ on password security below.

    On https://haveibeenpwned.com you can check if your own accounts have been part of a leak.

  • +

    Other tips

FAQ on Password Security

  • +

    What are the requirements of an AAU password?

  • +

    How do I change my AAU password?

    You can find instructions for changing your password on www.en.its.aau.dk/instructions/Change+password/

  • +

    What do I do if I forgot my AAU password?

    You can get a new password by following the instructions here: www.nyadgangskode.aau.dk/new-password/

  • +

    What does ITS do to increase password security at AAU?

    AAU access control is a single-sign-on solution that is used for most of the AAU systems. This means you do not need different passwords to access different internal AAU systems.

    AAU access control allows three login attempts to enter the correct password. So if you enter the wrong password three times you lock your AAU account and you will need to contact ITS Support to regain access.

    Remote access to the AAU network via VPN uses two-factor authentication where your regular AAU password is supplemented with an additional verification code that is sent to your mobile phone.

Remember never to:

  • Use information connected to yourself for your password (family names, birthdays, car's registration plate etc.)
  • Use your AAU password for systems outside AAU eg. your pivate email account
  • Write down your password unless you keep it safe
  • Share your password with others, even with an IT supporter