User credentials (e.g. passwords) in the MPI/CBS
Permanent Link:
Overview
You'll come into contact with several different credentials related to your employment at the institute. "Credentials" refer to any type of secret that you have to prove that you're actually you. All the relevant secrets are mentionedRelevant credentials, how to change and how to reset them
Permanent Link:| Credentials | What's that? | Managed where | How to get it? | Credentials forgotten or broken? | Where to change it? Requirements? |
|---|---|---|---|---|---|
| Institut account password | Password for in-house login, RemoteLinux and Mail | MPI CBS in-house | Initial password will be given to you on a sheet. Change it to something, you can remember immediately. | Forgot your password? Visit IT in Leipzig, bring your ID | Userportal  You have to be physically in the institute or have RemoteLinux / RemoteWindows access. You have to know the old password. |
| Institute Remote access 2FA | 2nd factor for RemoteLinux and RemoteWindows | Visit IT in Leipzig, bring your ID | Phone broken, lost or otherwise inaccessible? Visit IT in Leipzig, bring your ID | No self-service possible. | |
| Mail 2FA | 2nd factor just for MPI/CBS mail | Upon first logon at the Mail server Web-GUI | Request a 2FA-Reset at the Userportal You have to be physically in the institute or have RemoteLinux / RemoteWindows access. You have to know the institute account password for that! Processing the request takes a while, notification to a non-institute mail account is possible. |
||
| GWDG account password | For MPI wide central services | GWDG | Upon institute account creation, an initial password will be sent via email automatically. | You have access via RemoteLinux? Write a ticket, we'll send it to you via mail. No Remotelinux access? Visit IT in Leipzig, bring your ID |
GWDG-Account self service You have to know the GWDG account password for that! It takes a while for the new PW to sync e.g. to SAP . |
| GWDG 2FA | For some MPI wide central services | Self-service here. Make sure to write down the recovery code. | Visit https://id.academiccloud.de/mfareset , Use the recovery code, you received during 2FA setup. If you do not have access to this code anymore, please write a ticket. |
Self-service here You still have to have access to your 2FA device! |
|
FAQ
Expand all Collapse allWhich password/credential to use for which service?
Permanent Link:
If you have trouble, logging into one of these service, you might want to have a look at the specific ways of changing/resetting credentials UserCredentials.
| Service | Credentials to use |
|---|---|
| Groupware | Institute account password + Mail2FA |
| Linux workstations | Institute account password |
| Windows workstations | Institute account password |
| Apple workstations | Local password on the respective workstation |
| RemoteLinux | Institute account password + Remote access 2FA |
| RemoteWindows | Institute account password + Remote access 2FA |
| CentralWindows | Institute account password |
| ProxyLibrary | Institute account password |
| TicketSystem | Institute account password |
| Owncloud ("Max-Planck-Dropbox") | GWDG account password + GWDG 2FA |
| data.cbs.mpg.de | Institute account password |
| Eduroam | GWDG account password |
| Max | GWDG account password + GWDG 2FA |
| SAP | GWDG account password + GWDG 2FA |
| SoSci | GWDG account password + GWDG 2FA |
| MinervaMessenger | Independent user management. Find out more at MinervaMessenger |
| Confluence | Institute account password |
Back to FAQ start
Which rules apply for institute passwords
Permanent Link:
These are the rules
- Use at least a 12 character password (the more, the better but no more than 40)!
- Allowed characters are: A-Z, a-z, 0-9, ,.;:_/(){}[]@%&!+-*~=#?^
- The following rules apply to short passwords:
- Do not use or embed English or German words with more than 3 characters!
- Use at least 3 of the four character classes (minor, capital, numbers, "special")!
- Use 20 characters or more to void rules 1 and 2.
Back to FAQ start
Should I change my password on a regular basis?
You do not need to change your institute password on a regular basis.
Back to FAQ start
How to ensure security of my institute password?
Permanent Link:
There's only one rule: Never ever share your institute password with other people, services or organisations. Here is what that means (although these are only consequences of this sole rule):
- Never enter your institute password on a website that doesn't end with
cbs.mpg.de.- Examples for safe addresses
- Examples of attacks
- https://some.server.com/
- https://cbs.mpg.de.google.com/ (
cbs.mpg.denot at the end of the server name) - https://some.server.com/cbs.mpg.de (
cbs.mpg.deis not even part of the server name)
- You are obviously not allowed to give your password to a colleague. If you need a colleague to have access to some data, use permission delegation. If you don't know how to do that, please contact IT.
- Storing your password in an encrypting password management tool is OK.
- If you receive an email, pressuring you to enter your password on website with a shady URL, fight the urge to do so!
- Those are Phishing attacks.
- Be very careful, not to fall victim to such an attack because the institute will automatically lock your account in this case.
- You are not allowed to use your institute password as a password of another service (Google, GWDG, Live.Com, Facebook) - no matter how trustworthy this service is or seems to be.
- You may safely store your password in a piece of software on your computer to e.g. fetch mail in a mail client software. The same goes for apps on a phone
- However, you have to make sure, no software or app synchronizes this password to the cloud.
- You have to make sure that you understand the app, you're using. It is your responsibility!
- Example: Outlook for Android sends email passwords to Microsoft which then fetches emails in your name. Your are not allowed to do that!
- You are not allowed to let a service fetch email from your account (Google Mail, Live.Com, ...).
- You may use a mail forward on the institute's mail server to send emails somewhere else.
- Side note: You're not allowed to send personal data of other people outside the scope of EU law which makes forwarding emails a bit of a risk for you. It's your responsibility to only forward emails in compliance with GDPR.
- You may use a mail forward on the institute's mail server to send emails somewhere else.
Back to FAQ start
How does the password sync with GWDG work?
Back to FAQ start
I can not login at MAX or the SAP portal as external guest?
Unfortunately, this services are not available for you as an external guest.
Copyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding Foswiki? Send feedback