Password Policy

SWITCH edu-ID Password Requirements are mostly based on the latest NIST requirements.

  • Minimum password length: 10 characters
  • Commonly used passwords are forbidden. New prospective passwords are checked against various lists of common passwords
    • check against locally stored list of 1 million most common passwords.
    • online check against Pwned Passwords via k-anonymity API (>600 million leaked passwords)
  • The password needs to be composed of letters and puncutation characters or digits.

SWITCH edu-ID does not enforce ineffective password limitations. No periodic password change is required. No particular complexity is required. The only complexity requirement ist that in addition to lower case letters, at least one uppercase letter, number or punctuation character must be present.

Recommendations to Users of SWITCH edu-ID

NIST Recommendations and Further References