Welche Regeln gibt es für Passwörter?

For accounts imported to the LRZ from other institutions (currently LMU Munich, TU Munich, Universities of Applied Sciences Munich, Weihenstephan-Triesdorf, Landshut and Ansbach), the password rules of the respective institution apply.  For these accounts, nothing further needs to be considered from the LRZ side.

The following rules apply to accounts that are managed directly at the LRZ:

  • Passwords can be changed at the LRZ IDM portal.
  • Passwords must be between 8 and 31 characters long (the longer, the more secure). They must contain at least 2 letters and at least 1 digit or special character. Umlauts (ä,ö,ü) and ß are not allowed. There is only a limited set of allowed special characters, because the passwords have to work in the input screens of many different LRZ services.
  • Passwords found in lists of compromised passwords (esp. https://haveibeenpwned.com/Passwords) are not accepted.

Passwords of LRZ accounts do not have to be changed regularly without reason.  However, if your current password appears in lists of compromised passwords in the meantime, we will inform you immediately. Moreover, you will be notified when logging in to the IDM portal.  This does not mean then that your account is hacked; the password usually got on the list through some other person in the world who happened to have the same password and whose account was hacked.
See also Why is my password expired or compromised?