Information Technology Services (ITS) announced that the PAWS password change function would be enhanced to allow 2 different password options beginning February 18, 2007. These changes were implemented because of Office of Information Technology Standard 009 (IT STD-009), which requires information to be protected from unauthorized access, modification, and destruction.

The two options currently available at the University include:

• Option 1, which requires 8 – 14 characters with an expiration of every 60-days, and
• Option 2, which requires 15 or more characters with an expiration of every 180-days.

Passwords versus Passphrases

What is the difference between passwords and passphrases? Passwords are typically not safe to standalone systems that expose data to enable password guessing by an attacker. Passphrases are generally stronger and much longer, making some kinds of brute force attacks entirely impractical. In addition, if well chosen, passphrases will not be found in any phrase or quote dictionary, so such dictionary attacks will be unlikely. Finally, passphrases can be so structured as to be more easily remembered than passwords without being written down. Therefore, passphrases are considerably more secure.

ITS strongly recommends using passphrases because of the greater flexibility and enhanced security it provides Louisiana State University users.

For additional information on passphrases, you may find the sites below useful:

• Wikipedia: Passphrase
• The Great Debates: Pass Phrases vs. Passwords. Part 1 of 3
• The Great Debates: Pass Phrases vs. Passwords. Part 2 of 3
• The Great Debates: Pass Phrases vs. Passwords. Part 3 of 3

Why do I have to change my password?

It is important to understand just what your password is and what it represents. You have a user name, or Network ID, that is the technology equivalent of your name. Your password is a unique sequence of characters that is the technology equivalent of your signature. Just as a bank would not cash a check that did not show your valid written signature, a computer security system will not let you access its functions without a valid password.

There are many different computer systems throughout the campus and many require their own department's authorization for access (requiring different credentials - usernames and passwords). The access granted by Information Technology Services (ITS) allows you to access your e-mail, sensitive information (payroll information, grades, etc.), and secure wireless via your Network ID and password. This ID and password is also linked to another system known as LSU Active Directory that allows you to access other computing resources on campus.