Guidelines for a Foolproof Password

Is your passport secure enough? Unsafe passwords such as „admin, abc123, 123456, google, welcome, password1“ or an empty password are unlucky choices and should be avoided. Even here at ETH Zurich, many students and staff still have weak passwords. Our employee and student brochures which all new ETH members receive offer the following advice:

  • Changing your Password

You must change your initial password which you received at entry. For security reasons, your password should contain at least 8 characters (even better 12 – 16 characters) with upper and lower case letters, numbers and special characters. You can change your password as often as you wish. We recommend the use of different passwords for our various IT-services. Password Rules for your Security

  •  Password-disclosure/ IT-Security

Never reveal your password via e-mail! No serious service supplier will ever ask you for your username or password by e-mail. Make sure to logon to absolutely trustworthy web sites only. If in doubt, ask your IT support first. More information on the subject of IT security can be found in our IT Awareness program «safeIT» at

Security Awareness

Traditionally, users at ETH Zurich enjoy a large degree of freedom in the use of their IT resources. To ensure this in the future as well, it is important that all users have at least some IT-security awareness. This includes getting to know and applying the IT-House Rules at ETH Zurich.

Avoid the misuse of systems and passwords

  • Select passwords which are difficult to guess. Keep them secret and observe password rules.
  • Use a password-protected screen saver whenever you leave your workplace.
  • Logout or turn off computers when you are absent or do not need to use the system.

Password Rules for your Security

Select a password which is not easily guessable, but one that you can remember. Names, birthdays, PIN-codes, telephone numbers or other easy-to-guess information, such as found in a dictionary, should be avoided. Passwords should not lay around in the open (e.g. on a Post-it hanging on your computer monitor). Don’t let others observe the passwords you enter. A well-chosen passwort consists of:

  • alphanumeric characters with letters in upper- and lower case
    a-z, A-Z, 0-9
  • at least one special character/symbol
  • special characters permitted for nethz passwords at ETH:
    # (hash), + plus, , comma, – minus, . dot, / forward slash, : colon, = equal, ? question mark, @ at, [ square brackets ] open and closed, ^ caret, { braces } open and closed, ~ tilde
  • at least 8 and maximum 30 characters in length (optimum is 12 – 16 characters)
  • at least one number
  • no empty spaces
  • no dictionary word

Create  your own password

Iamt5TfISau? (I apply more than 5 tips from IT Security and you?)
MsnPW2g4u2g? (My strong new password too good for you to guess?)
WntyBopTd2w? (Why not take your bike or public transportation daily to work?)

Posted on
in News English

2 comments on «Guidelines for a Foolproof Password»

  1. Special characters / symbols permitted for nethz passwords at ETH Zurich are listed separately.

    Studies show that longer passwords substantially reduce the risk of „brute force attacks“, even more so than special characters. We therefore recommend, not only at ETH, using passwords with at least 12 characters. (Brute force method: trying out all possible potential solutions until the right one is found

Leave a Reply

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert

Diese Website verwendet Akismet, um Spam zu reduzieren. Erfahre mehr darüber, wie deine Kommentardaten verarbeitet werden.