Best Practices for Choosing a Secure Password

In addition to following LETU Password Requirements, LETU users should also use principles for choosing a secure password (including those below) when selecting a new password.

Remember that while some of the guidelines below might appear to focus on information difficult for an attacker to guess, some attacks are directed specifically at a specific user, allowing the attacker to attempt to learn about the target via various means such as social media before attempting to compromise an account.

  • Passphrases: Choose a password of at least 15 characters based on a passphrase - a collection of words that you can remember but that cannot easily be associated with you. In general, avoid common phrases such as popular quotes, or phrases that you use often or could easily be guessed by someone who knows you (ie a favorite bible verse).
  • Personal Information
    • Do not use personal information which is not truly private such as the names or nicknames of immediate family members, birth dates, anniversary dates, social security numbers, etc.
    • Be cautious with the use of other personal information which may be readily discoverable on social networks or other published locations (pet names, social media user names, etc)
  • LETU-Related Information:
    • Do not re-use a password that you use on any non-LETU system and do not use your LETU password on any other system
    • Do not use keywords as part of your password that might be easily associated with LETU users (i.e. LETU, LeTourneau, Buzz, your department name, etc)
    • Do not use any part of your username in your password
    • Do not use your LETU ID number in your password
  • Simplistic Passwords:
    • Do not use excessively simple (and commonly compromised) passwords such as "password1234567" or "aaaaaaaaaaaaaaa" (LETU's systems will block most of these but you should avoid trying to use them anyway)
    • Do not use patterns which can be found on a keyboard such as "qwertyuiop"

LETU systems will prohibit the creation of any passwords known to be compromised in public data breaches or easily guessed passwords.

Print Article