Additional rules apply to system administrators when selecting, setting and handling passwords:
- Administrators' passwords must be accessible to other responsible persons in case of emergency and if the administrators are absent at the same time. Passwords from decentralised areas can be securely stored in separate sealed envelopes in the SCC. The passwords in the area of responsibility of the SCC are collected by the respective responsible administrators in accordance with the regulations of the SCC.
- Each user ID must be provided with a password. It must not be possible to log in under any user ID without entering a password (not even for guest or test accounts).
- Preset or empty passwords (e.g. of the manufacturer when systems are delivered) must be replaced by individual and secure passwords. This also applies in particular to all privileged accounts and to all test and guest accounts with user IDs such as »root«, »administrator«, »test«, »demo«, »guest«, etc.
- Setting up »group identifiers« should be avoided whenever possible, e.g. where several or all members of a work group log on to the system under the same user ID and with a single password known to all members.
- If a user leaves the Bauhaus-Universität, the password of his or her user account must be changed immediately or the account must be deactivated or deleted (unless there are special reasons for not doing so).