Carleton’s “Password Policy” is maintained in the Campus Handbook. 

The College password policy undergoes periodic review in response to changes in technology and/or changes in widely shared best practices. The Handbook will contain the latest version of the policy and the ITS policies & procedures page will contain the history and explanation for the changes.  

Change history: 

  • On March 14, 2024: two-factor authentication is now required for all users with a Carleton email account. Users are expected to have a non-Carleton email address on record to facilitate password resets. An external email address is required for alumni accounts. 
  • On December 6, 2021: following the recommendations of a security audit, password policies were updated to require a minimum length of 15 characters.
  • On December 4, 2017: the Technology Priorities and Planning Committee (TP&PC) endorsed a campus-wide (faculty, staff, and students) commitment to two-factor authentication.