Effective October 1, 2015, The LSU AgCenter implemented new password security requirements to better protect employees and resources. The following sections outline the new requirements as well as provide guidance on how to construct and protect an effective password. Questions regarding the new requirements should be directed to your LSU AgCenter technical support representative or the LSU AgCenter Help Desk via telephone at (225)578-8534, or via e-mail to itsupport@agcenter.lsu.edu.

Password Requirements

• The password must be fifteen (15) or more characters long.
• The password must be constructed using three (3) of the following four (4) character categories:
  • at least one (1) uppercase character.
  • at least one (1) lowercase character.
  • at least one (1) base 10 digit (0-9)
  • at least one (1) non-alphanumeric character (i.e. %, &, !)
• The password must not match any of your three (3) most recent passwords.
• The password may not be changed immediately after it has been updated.
• After five (5) unsuccessful login attempts within a five (5) minute period you will be locked out of your account for ten (10) minutes.

Note: While our policy only requires that you use three (3) of the four (4) character categories as listed above, it is strongly recommended that you include a character from all four (4) character categories in your password.

Password Construction Guidelines

A well-constructed password provides protection from the many different types of password attacks. Since password strength is determined by two primary factors, length and complexity, these should be taken into consideration during the password creation process. In addition, the password should be constructed in a manner that enables you to remember it without introducing additional risks (I.E. Writing the password on paper, saving the password in internet sites, etc...).

The following guidelines provide recommended practices for password construction:

1. Avoid the use of identifying criteria in the password (I.E. Usernames).
2. Avoid the use of dictionary-based words in the password.
3. Avoid the use of nouns with which you have a well-known affiliation (I.E. Workplace names).
4. Ensure the complexity requirements are applied in an effective manner (see examples below).
5. Ensure the complexity of the password does not affect your ability to remember it.

Password Construction Examples

The following passwords are examples of a well-constructed password using the above guidelines. Remember that passwords are used to protect your personal identity and, as such, the more personal the contents the better you will be able to construct an effective one!

Scenario 1: William wishes to create a new well-constructed password for his LSU AgCenter account. He played basketball for four (4) years in high school and received the Most Valuable Player award in his senior season. His password could be HiSc4mvpHo%0p1978 (HiSc from high school, 4 from the number of years he played basketball, mvp from his award, Ho0p by association with basketball, the percent symbol as a means of breaking up the word hoop, and 1978 as a meaningful year to William).

Scenario 2: Barbara wishes to create a new, well-constructed password for her LSU AgCenter account. She is an avid LSU sports fan and considers Glen Davis and Pete Maravich the best players to have ever stepped on a basketball court. Her password could be gD23Pm0g3@uXisch (gD for Glen Davis, 23 for Pete Maravich, Pm for Pete Maravich, 0 for Glen Davis, g3@uX for geaux, and isch are the last two letters of Glen Davis and Pete Maravich, respectively.

Scenario 3: Beatrice lives to fish. She catches fish, cleans fish, and eats fish. She works for the LSU AgCenter when she's not doing one of those three. Her password will be constructed from the simple phrase "I like to fish for reds." We start by changing "to" and "for" to the numbers 2 and 4, respectively. We then situate them together so we have "Ilike24fishreds". Next, to break up the common words in the phrase, we insert a % symbol in like, change the "i" in fish to a "y," and, finally, change the "s" at the end of "reds" to a "z". We now have "Ili%ke24fyshredz".

Password Protection

Now that you've constructed an effective password, how do you protect it? The most important thing to remember when it comes to password protection is that it starts and ends with you! Compliance with the following list of best-practices will help ensure your password remains secure.

1. Never share your password with another individual! If another individual has access to your password, they have the capability to assume your identity, access your resources (such as e-mail and network shares), and perform actions in your name! If you have reason to believe that another individual has access to your password, change it immediately!
2. Never write down your password. If you have to write it down, it is not an effective password. If you have written it down, change it immediately.
3. Never use the same password for different security domains. While it can become unreasonable to maintain a unique password for every purpose, it is highly recommended that your passwords for work-related resources and personal resources remain different.
4. Never provide your password to anyone over the phone, regardless of who they claim to be.
5. Never input your password into a website to which you received a direct link via e-mail. Links in e-mail can be redirected to malicious sites intended to compromise your credentials. Instead, if the e-mail appears to be from a reputable sender, manually navigate to that sender's homepage and logon with assurance that your password is safe.

Last updated on August 5, 2024, by Adam Woerner.