Password Policy

This document describes the rules that apply to the quality and handling of passwords belonging to electronic identities at Dalarna University.

Introduction

The password belonging to your electronic identity is the key that enables the use of the university's network resources. It is also a major security risk if it were to fall into the wrong hands. In other words, the password must be handled with care.

Password quality

A strong password is of utmost importance. This means that the password is difficult for a human or computer to guess. It imposes certain requirements on the complexity of the password. At the same time, the password should be easy enough to remember. These two things (complex but simple) may seem to be in opposition to each other which sometimes makes the choice of password a bit problematic.

We set these requirements for passwords:

  • At least 8 characters long.
  • Must not contain spaces.
  • Must contain characters from at least three of the following four character groups:
    • Lowercase letters: "a" to "z" (not å, ä, ö)
    • Uppercase letters: "A" to "Z" (not Å, Ä, Ö)
    • Numbers: "0" to "9"
    • Special characters:
      • "-" (hyphen)
      • "_" (underscore)
      • "." (full stop)
      • "!" (exclamation mark)
      • "%" (percent sign)
      • ":" (colon)
      • "=" (equal sign)
      • "#" (hash sign)

We recommend that you choose a password that is at least 10 characters long as it is generally better to use longer passwords.

Password management

Your password must be handled with care as it is the key to your electronic identity. If it gets into the wrong hands, someone can pose as you, i.e. a form of identity hijacking. This can have tremendous consequences for you personally but also for the university.

  • Your password must never be disclosed to third parties, i.e. you must never tell another person your password. You are also not allowed to give away your password to a service outside the university. This includes applications (computer, mobile, web) that do not use the university's login routine, i.e. applications that store your username and password.
  • You must use a separate password for your identity at Dalarna University. If you use the same password as in any other service outside the university, this counts as having disclosed the password (since it is known by a third party).
  • If your password becomes known to someone other than yourself, including services according to the two previous points, you must immediately change the password.
  • Feel free to use a password manager (ex. LastPass, 1Password etc). These help you to create secure passwords but also to have separate passwords for all network services and applications.

REMEMBER: Dalarna University never asks for your password by e-mail, phone or in any other way than the usual login routines. Pay attention to so-called phishing attempts!

Last reviewed:
Last reviewed: