Password Best Practices
Creating a strong password is key to protecting your personal information at LSUE.
In general, the longer and more diverse a password is, the more difficult it will
be for an attacker to crack it. LSUE Bengal Account passwords expire and must be
changed every 180 days.
OIT recommends several best practices to help strengthen your credential for your
LSUE accounts, in addition to other accounts a user may own:
- Use at least 8 characters and ideally a minimum of 14:
- In general, the longer the password, the harder it will be for an attacker to guess.
- Use a variety of characters:
- Use at least 3 types of characters including numbers, upper case letters, lower case
letters, and/or special characters (e.g @, #, $, %)
- Never use part of your name:
- Passwords should not contain part of your name.
- Never re-use passwords:
- Do not use passwords repetitively swaping back-and-forth between previously used values.
- Create a passphrase:
- Passphrases are phrases that you can easily remember and can also be translated into
characters. For example, the phrase “I saw Mike the Tiger at LSU in 2006” can be translated
to “iSmtT@LsUi2006”.
- Never share with others:
- Anyone with access to your password has access to your personal information, and therefore
can impersonate you online. This includes being able to alter your financial information,
make purchases, send emails addressed as you, etc.
- Use different passwords for different accounts:
- If the same password is used across multiple applications and an attacker manages
to get access to your password, they can then compromise all of your accounts with
that one password. Using different passwords for different applications ensures that
all of your accounts won’t be compromised if one of your passwords is cracked.
- Change your password periodically:
- Changing a password periodically allows for less time for attackers to obtain a particular
password.