Password Authentication
SWITCH edu-ID Password Requirements
- Minimum password length: 10 characters
- Commonly used passwords are forbidden. New prospective passwords are checked against various lists of common passwords:
  - check against a locally stored list of common passwords (>40'000 words)
  - online check against Pwned Passwords via the k-anonymity API (>500 million leaked passwords)
SWITCH edu-ID does not enforce ineffective password limitations. It almost entirely follows the NIST recommendations for memorized secrets (passwords). No periodic password change is required.
The only complexity requirement is that at least two character classes (lowercase letters, uppercase letters, numbers, punctuation) must be present in the password.
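The checks listed above, combined into one validator as an added example (not SWITCH's own code). The local list contents, the rule names, the use of ASCII `string.punctuation` for the punctuation class and the injectable `fetch` parameter are assumptions; the range endpoint is the public Pwned Passwords API, which receives only the first five hex digits of the password's SHA-1 hash.

```python
import hashlib
import string
import urllib.request

MIN_LENGTH = 10   # minimum password length from the requirements
MIN_CLASSES = 2   # of: lowercase, uppercase, numbers, punctuation

# Constructed stand-in for the locally stored list of common passwords.
LOCAL_COMMON = {"password123", "qwertyuiop", "letmein2024"}

def fetch_range(prefix):
    """Ask the Pwned Passwords range endpoint for all suffixes under a prefix."""
    url = "https://api.pwnedpasswords.com/range/" + prefix
    with urllib.request.urlopen(url, timeout=5) as resp:
        return resp.read().decode("ascii")

def char_classes(password):
    """Count how many of the four character classes occur in the password."""
    tests = (str.islower, str.isupper, str.isdigit,
             lambda c: c in string.punctuation)  # assumption: ASCII punctuation
    return sum(any(t(c) for c in password) for t in tests)

def is_pwned(password, fetch=fetch_range):
    """k-anonymity lookup: the suffix comparison happens locally."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch(prefix).splitlines():
        candidate, _, count = line.partition(":")
        # Padded responses may contain entries with count 0; ignore those.
        if candidate.strip().upper() == suffix and int(count) > 0:
            return True
    return False

def check_password(password, fetch=fetch_range):
    """Return the list of violated rules; an empty list means acceptable."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    if char_classes(password) < MIN_CLASSES:
        problems.append("too_few_classes")
    if password in LOCAL_COMMON:
        problems.append("common_local")
    elif is_pwned(password, fetch):
        problems.append("pwned")
    return problems
```

Passing a different `fetch` callable lets the validator run against a local copy of the range data instead of the online service.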
Recommendations to Users of SWITCH edu-ID
- Choose a long password (> 15 chars). Read these hints.
- Don't re-use a password across multiple websites
- Use a password manager (like LastPass, PassSafe, 1Password or KeePass) or
- use a password scheme
To protect your accounts from phishing and other unauthorized access, it is strongly recommended to activate two-step login.
See also Password Policy