Security

The university does its utmost to secure the use of the Tilburg University-password. You can help too.

What can you do yourself?

Developments on the Internet move very quickly, and criminals make use of these fast-developing techniques too. Large groups of people receive phishing e-mails, viruses, key-loggers, etc. Below we list measures you can take yourself to surf safely.

Handle your Tilburg University-password with care

Your Tilburg University-password is strictly personal. You should therefore protect it well and prevent others from misusing it. The helpdesk staff will never ask for your Tilburg University-password: not by e-mail, not by telephone, not in any other way. So never give your Tilburg University-password to anybody!

Use a hard-to-guess Tilburg University-password

It is important to choose a password which is hard to guess.
The Tilburg University-password you choose must meet a number of criteria before it is accepted. Those criteria are:

  • It must contain at least 8 and at most 16 characters.
  • It may consist only of alphanumeric characters (a-z, A-Z, 0-9) and the following special characters: ~ ! @ # $ % ^ & * ( ) - = _ + [ ] { } | ; ' : \ " , . \ / < > ?
  • It must contain at least one digit, one uppercase character and one lowercase character.
  • It may not be simple/systematic (e.g. not 123abcABC).
  • It may not contain your username, last name or administration number.
  • Dutch and English words may not be used.

The password application performs various checks and gives direct feedback when the password does not meet the above criteria. Finally: once a password has been accepted, it cannot be used again in the future. Alternating between two 'strong' passwords, for instance, is not possible.

An often-used method to create a strong password that is easy to remember is to take a sentence you can easily remember (for instance 'Den Haag, beautiful city for beautiful people'). Take the first letter of each word and change it a bit ('D-Hbc4bp'). Now you have a password you can easily remember and which is hard to guess.
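The criteria listed above, written as a checker that reports every violated rule in the way the password application is described as doing. This is an added example, not the university's code: the 'systematic' test (three consecutive ascending letters or digits), the small sample word list and all function names are assumptions.

```python
import string

# Special characters listed in the criteria above.
SPECIALS = set("~!@#$%^&*()-=_+[]{}|;':\\\",./<>?")
ALLOWED = set(string.ascii_letters + string.digits) | SPECIALS
# Constructed stand-in for the Dutch/English dictionary (the real list is not on the page).
SAMPLE_WORDS = {"password", "welcome", "wachtwoord", "welkom", "university"}


def has_sequence(pw, run=3):
    """Assumed 'systematic' test: `run` consecutive ascending letters or digits (123, abc)."""
    streak = 1
    for prev, cur in zip(pw, pw[1:]):
        step = prev.isalnum() and cur.isalnum() and ord(cur) - ord(prev) == 1
        streak = streak + 1 if step else 1
        if streak >= run:
            return True
    return False


def check_password(pw, username, last_name, admin_number, words=SAMPLE_WORDS):
    """Return the list of violated criteria; an empty list means the password is accepted."""
    problems = []
    low = pw.lower()
    if not 8 <= len(pw) <= 16:
        problems.append("length must be 8-16 characters")
    if not set(pw) <= ALLOWED:
        problems.append("contains a character outside the allowed set")
    if not (any(c.isdigit() for c in pw) and any(c.isupper() for c in pw)
            and any(c.islower() for c in pw)):
        problems.append("needs a digit, an uppercase and a lowercase character")
    if has_sequence(pw):
        problems.append("simple/systematic sequence")
    # Personal data is matched case-insensitively anywhere in the password.
    if any(p and p.lower() in low for p in (username, last_name, admin_number)):
        problems.append("contains username, last name or administration number")
    if any(w in low for w in words):
        problems.append("contains a dictionary word")
    return problems
```

The history rule (an accepted password can never be reused) is not modelled here, because it needs stored state rather than a check on the string itself.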

Don't use an extra mail address that others can access for the password-recovery service

You may state an extra mail address for delivery of the password mail with the secured link. Be sure only you can access the mailbox matching this address.

Use questions with hard-to-guess answers when applying for password-recovery service

The questions and answers you choose must meet the criteria below before they are accepted.

  • A question should have at least two words; this also goes for the answer.
  • You should state two different questions.

Your secret questions are accessed via your username. The second question appears as soon as you have given the correct answer to the first question. Bear in mind that your first question is easily retrievable by others, because your username is not protected. Do not make it easy for people with bad intentions to guess the answer to your question. Choose combinations of questions and answers that are as unpredictable as possible to others. Treat your secret questions like any confidential data and do not tell anyone!

For reasons of security you should choose answers which:

  • are not truthful,
  • are irrelevant and do not link to the question,
  • start and end with a digit,
  • do not contain (part of the) question,
…but are easy to remember anyway.

What else can you do?

  • Treat your Tilburg University-password and the answers to your secret questions for Password Recovery with care.
  • Never write down your Tilburg University-password and the answers to your secret questions anywhere.
  • Do not store your Tilburg University-password and the answers to your secret questions under a function key.
  • Preferably do not have applications remember your Tilburg University-password, unless you use secured software especially intended for this purpose.
  • Make sure no one watches you entering your Tilburg University-password or the answers to your secret questions. Lock your computer when you are away.
  • Regularly change your Tilburg University-password and the answers to your secret questions.
  • Use the button 'log out' in web applications.
  • Always close all browser windows after ending a 'Single Sign On' session and close the browser application.
  • Be very careful when using a computer in an internet café. You have no information on the security of the computer you work on.

What does the university do?

The Tilburg University-password application uses a secured internet connection via the Secure Sockets Layer protocol (SSL). All data exchanged between you and the application are encrypted and therefore unreadable for others. As soon as the secured connection has been set up, a closed lock appears in the address bar or at the bottom right of your browser. You can check whether you are on the proper website by clicking the lock and opening the certificate. When the General tab of the certificate mentions TERENA SSL CA, you can trust the website you're on.

Your Tilburg University-password and the data you have set via the password-recovery service are encrypted and stored in a protected database. No one except you has access to these data, not even the helpdesk staff.

You receive a mail message about every action regarding your university account. This mail is sent by default to your Tilburg University-mail address. Among other things, the mail mentions which action was performed and the IP address of the computer involved in the action. You receive this mail at an extra mail address as well if you have set one via the password-recovery service. Should you suspect misuse of your username or password, for instance because you receive such mails while you did not undertake any actions yourself, contact the LIS Service Desk or one of the university's Computer Emergency Response Team members.