IT security

Use a different password for each account. When you create a new password, choose between the two options.There are two types of strong passwords:

• Long and less complex: Use at least 25 characters, two types of characters are sufficient.Example: UniMontagProfessorinPrüfungsamt or lernen_handy_netflix_sonnenschein.
• Shorter and more complex: Use at least 8 (but preferably more) characters and combine four types of characters. Example: o&B45hH-§

More Tips:

• Choose your password smartly - so no names or birth dates from the environment, no keyboard patterns or key sequences that you would expect (1234abcd).

• It is not necessary to change a password regularly - if it is secure. You can check on sites like HPI Identity Leak Checker (https://sec.hpi.de/ilc/search?lang=de) orhttps://haveibeenpwned.com if your password has already been compromised
• More information on secure passwords can be found here: https://www.bsi.bund.de/DE/Themen/Verbraucherinnen-und-Verbraucher/Informationen-und-Empfehlungen/Cyber-Sicherheitsempfehlungen/Accountschutz/Sichere-Passwoerter-erstellen/sichere-passwoerter-erstellen_node.html.

It can quickly become confusing if you have many passwords. Password managers that allow you to manage all your passwords securely have proven themselves well. At LMU, many employees use KeePass, an open source tool in which your data is stored locally and encrypted.

Please note the following points:

• Do not let anyone see your passwords. This includes not "hiding" slips of paper with passwords under your keyboard or in your desk drawer.
• Do not reveal your passwords to anyone. Not even exceptionally or to colleagues or friends.

• Do you suspect that your password has been compromised? Change it immediately!
• If it is your LMU user ID and you suspect a data protection incident or misuse, you are also welcome to contact the IT Service Desk.
• You can find out whether your password for an e-mail account has already been affected by a data leak or hacker attack at the following websites: https://haveibeenpwned.com (externer Link) or https://sec.hpi.de/ilc/search?lang=de (externer Link).
• The LMU and the Leibniz Supercomputing Centre (LRZ) regularly check whether passwords appear in lists for leaked passwords. If this is the case, users are contacted and asked to change the password.

Further information on creating secure passwords can also be found on the website of the Federal Office for Information Security (BSI) at https://www.bsi.bund.de/DE/Themen/Verbraucherinnen-und-Verbraucher/Informationen-und-Empfehlungen/Cyber-Sicherheitsempfehlungen/Accountschutz/Sichere-Passwoerter-erstellen/sichere-passwoerter-erstellen_node.html .

Unfortunately, it happens again and again that IT devices are misplaced or stolen. But it is not only the device that is gone - often it is also your data.

• Allow data access only with a passwordencrypt your data
• More information: https://www.bsi.bund.de/DE/Themen/Verbraucherinnen-und-Verbraucher/Informationen-und-Empfehlungen/Cyber-Sicherheitsempfehlungen/Daten-sichern-verschluesseln-und-loeschen/Datenverschluesselung/datenverschluesselung_node.html

• Even if you only leave your workplace for a short time or put your device aside - lock the device manually. For Windows PCs, press the "Windows" and "L" keys simultaneously. For Mac devices, press "ctrl" + "cmd (Mac key)" + "Q".
• Do you work with sensitive data and travel a lot? Then a data protection film makes sense. It prevents unwanted readers from spying on your data next to you or behind you.