Password Best Practices

Creating a strong password is key to protecting your personal information at LSU. In general, the longer and more diverse a password is, the more difficult it will be for an attacker to crack it.

For information on password management at LSU, please see our GROK article.

ITSP recommends several best practices to help strengthen your credentials for any accounts a user may own:

• Use a minimum of 15 characters:
  • In general, the longer the password, the harder it will be for an attacker to guess.
• Use a variety of characters:
  • Use a variety of characters including numbers, upper case letters, lower case letters, and special characters (e.g ~, @, #, $, %)
• Create a passphrase:
  • Passphrases are phrases that you can easily remember and can also be translated into characters. For example, the phrase “I saw Mike the Tiger at LSU in 2006” can be translated to “iSmtT@LsUi2006”.
• Never share with others:
  • Anyone with access to your password has access to your personal information, and therefore can impersonate you online. This includes being able to alter your financial information, make purchases, send emails addressed as you, etc.
• Use different passwords for different accounts:
  • If the same password is used across multiple applications and an attacker manages to get access to your password, they can then compromise all of your accounts with that one password. Using different passwords for different applications ensures that all of your accounts won’t be compromised if one of your passwords is cracked.
• Use a password manager:
  • Password managers serve as a vault, securing all passwords behind a single master password. With a password manager, you don't have to memorize your unique credentials across all of your accounts, they do that work for you. They can be installed as browser extension and as apps on your mobile device. We encourage you to research and select the password manager that suits you best.