University of Hamburg - to research, to teach, to educate and form, to homepage
CEN - Center for Earth System Research and Sustainability
Centerfor Earth System Research and Sustainability (CEN)

Photo: UHH/CEN/ T. Wasilewski

IT-Service: CEN-IT

Security advices & Spam

Secure passwords

A secure password should look like this:

  • At least 8 characters
  • At least one upper case letter (A-Z)
  • At least one lower case letter (a-z)
  • At least one number (0-9)
  • At least one special character (z.B.: !, $, #, %)

In addition, a password should not contain any part of the username/account name or your name.
Remember a secure password

Remember a secure password

Secure passwords usually look very complicated, but can also be easily created and remembered by mnemonic devices. Think of a sentence or choose a favourite quotation, from which you take the first letters of each word.

Example for the generation of a secure password

  • Sentence: A secure password and easy to remember!!
  • Passwort: 1sp&eztr!

Please do not use this sample password anywhere!!!

In this example the word "A" has been replaced by the number "1" and the "and" by the special character "&". There are other possibilities like a "4" as "for", a $ sign as replacement of a capital "S". Search the internet for the "Leetspeak-Alphabet" to discover more possibilities.

Correct handling of passwords

  • Never send a password in an e-mail! An e-mail is similar to a postcard and could be read by anyone unless it is explicitly encrypted.
  • Do not enter your password carelessly on any Internet pages. There are many websites where you are asked to log in, mostly by requests in emails.
  • Someone or a site asks me for my password, what should I do? CEN-IT and other service providers will not ask you for your personal password! If you are unsure, just ask us if the request is legitimate.
  • Always use an encrypted connection when logging in (web, e-mail, FTP). In the case of an Internet site, this is achieved by prefixing https:// (e.g. https://webmail.rrz.uni-hamburg.de). With e-mail and FTP programs there is usually a possibility to activate the encryption (TLS, SSL) when configuring the connection.
  • Use different passwords at each end of line
  • Do not use the passwords of your user IDs (UHH, ZMAW) anywhere else on the Internet

Identification of unsafe Internet sites (spam & phishing)

Do not click on every link

Before clicking on a link, check the address to the website. Often you can read the correct address in normal text, but if you stop your mouse over this address and don't click on it, most email programs and browsers will display the actual address. Most of the time it is displayed at the bottom left or right of the screen as soon as the mouse pointer touches the link.

Identifying an attempted fraud by the structure of the link

Dubious pages where you are asked to enter your password can be identified most easily by the address. If it does not contain your desired destination (e.g. "uni-hamburg.de" or "zmaw.de"), then it is obviously a fake. Some password thieves fake the websites so well and copy the design that they usually cannot be distinguished from the original.
Even an address such as "webmail.uni-hamburg.de.hoster.biz" is a fake, because the relevant uni-hamburg.de part is not on the back (technically, you read an address from right to left). So you would entrust your password to hoster.biz.

I accidentally entered my password on a strange website

Contact us immediately and change your password. Fast acting is essential for preventing a breach into our systems.

Spam & Phishing

If you are more interested in this topic (explanation of terms, detection, effects, countermeasures), please refer to the countless specialist pages on the Internet. A detailed introduction to this topic would go beyond the limit of this page.

Protection from viruses, adware, attacks

  • Make sure that your computer and antivirus program are always provided with the latest updates (computers installed by us regularly receive Windows, Linux, software and antivirus updates).
  • All computers in our network are protected from external attacks by a firewall, which blocks incoming traffic. If you are outside the network, please use your own firewall (e.g. closed routers, Windows firewall, third-party software and hardware).
  • Adware infestation is noticeable if you are constantly receiving advertisements and have to click them away explicitly. Often the start page of your browser is also changed and shows advertising and other search engines. Adware can sometimes be uninstalled like a normal program and in case of persistent infestation it can be removed with free tools such as AdwCleaner.