Password Best Practices

Creating a strong password is key to protecting your personal information at LSU. In general, the longer and more diverse a password is, the more difficult it will be for an attacker to crack it. Regarding password length, LSU offers two options to the user community, with a longer password expiring less frequently:

• Option 1, which requires 10 – 14 characters with an expiration of every 60-days
• Option 2, which requires 15 or more characters with an expiration of every 180-days.

Beyond the minimum required password length, ITSP recommends several best practices to help strengthen your credential for both PAWS and LSUMail accounts, in addition to other accounts a user may own:

• Use a minimum of 14 characters:
  • In general, the longer the password, the harder it will be for an attacker to guess.
• Use a variety of characters:
  • Use a variety of characters including numbers, upper case letters, lower case letters, and special characters (e.g ~, @, #, $, %)
• Create a passphrase:
  • Passphrases are phrases that you can easily remember and can also be translated into characters. For example, the phrase “I saw Mike the Tiger at LSU in 2006” can be translated to “iSmtT@LsUi2006”.
• Never share with others:
  • Anyone with access to your password has access to your personal information, and therefore can impersonate you online. This includes being able to alter your financial information, make purchases, send emails addressed as you, etc.
• Use different passwords for different accounts:
  • If the same password is used across multiple applications and an attacker manages to get access to your password, they can then compromise all of your accounts with that one password. Using different passwords for different applications ensures that all of your accounts won’t be compromised if one of your passwords is cracked.
• Change your password periodically:
  • Changing a password periodically allows for less time for attackers to obtain a particular password.