Lafayette College Information Technology Services (ITS) requires that passwords used to access computing systems at Lafayette be strong to enhance security. ITS strongly encourages the use of strong passwords for all other computing systems.
A strong password is difficult for both humans and machines to guess. Lafayette College ITS follows NIST Special Publication 800-63B and recommends using two-step login combined with a long and unique password.
Characteristics of strong passwords
A strong password should:
- Be at least 12 characters long (16 or more is recommended for stronger security).
- Avoid common or compromised passwords (e.g., “password123” or “qwerty”).
- Be unique for each account (never reuse passwords across different sites).
- Use a passphrase instead of random character substitutions (e.g., “CoffeeBanana$Summer!” is stronger and easier to remember than “P@ssw0rd!”).
A strong password is hard to guess, but it should be easy for you to remember—a password that has to be written down is not strong, no matter how many of the above characteristics are employed.
While all systems that use the Lafayette NetID and password for authentication support a password with the above characteristics, other systems may not support similarly strong passwords. For example, a system may not recognize case, may have a limit on the number of characters, or may not allow special characters. ITS recommends that in these situations, users incorporate as many strong password characteristics as the system will allow.
Examples of weak passwords
Avoid using:
- Any word found in a dictionary, in any language (e.g., airplane or aeroplano).
- A dictionary word with some letters replaced by numbers (e.g., a1rplan3 or aer0plan0).
- A repeated character or a series of characters (e.g., AAAAA or 12345).
- A keyboard series of characters (e.g., qwerty or poiuy).
- Personal information (e.g., birthdays, names of pets or friends, Social Security number, addresses).
- Anything that’s written down and stored somewhere near your computer.
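The patterns listed above that can be tested mechanically, expressed as a Python function. This is an added example, not Lafayette ITS code; the sample word lists, the substitution table and the run length of four are assumptions made for the illustration.

```python
import re

MIN_LENGTH = 12  # minimum from the page; 16 or more is recommended

# Constructed sample lists (assumption): a real check would load a full
# dictionary and a corpus of compromised passwords.
COMMON = {"password123", "qwerty"}
WORDS = {"airplane", "aeroplano", "password"}
ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890",
        "abcdefghijklmnopqrstuvwxyz"]
ROWS += [r[::-1] for r in ROWS]  # also catch reversed runs such as "poiuy"

# Assumed substitution table: 0->o, 1->i, 3->e, 4->a, 5->s, 7->t, @->a, $->s
LEET = str.maketrans("013457@$", "oieastas")


def has_series(pw, run=4):
    """True if pw contains `run` consecutive keys from a row or sequence."""
    return any(r[i:i + run] in pw
               for r in ROWS for i in range(len(r) - run + 1))


def check_password(pw):
    """Return the reasons pw is weak; an empty list means no rule fired."""
    low = pw.lower()
    # Undo substitutions, then drop leftover digits and punctuation.
    plain = re.sub(r"[^a-z]", "", low.translate(LEET))
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("too short")
    if low in COMMON:
        problems.append("common password")
    if low in WORDS:
        problems.append("dictionary word")
    elif plain in WORDS:
        problems.append("dictionary word with substitutions")
    if re.search(r"(.)\1{3,}", low):
        problems.append("repeated character")
    if has_series(low):
        problems.append("character series")
    return problems


if __name__ == "__main__":
    for sample in ["CoffeeBanana$Summer!", "P@ssw0rd!", "a1rplan3", "poiuy"]:
        print(sample, "->", check_password(sample) or "ok")
```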
Tips for keeping your password secure
- Consider using a password manager to securely generate and store passwords.
- Change your password only if you suspect a compromise.
- Never reuse passwords for multiple accounts.
- Enable Multi-Factor Authentication (MFA) whenever possible for additional security.
- Avoid entering your password on untrusted devices (e.g., public computers, shared workstations).
- Never store passwords in an unsecured format (e.g., text files, sticky notes).
- Never share your password—even with IT staff.
Contact Information
For questions, concerns, or to report a potential security issue, contact security@lafayette.edu.