Passwords at Carleton serve several purposes, such as preventing unauthorized access to sensitive information and helping faculty, staff, and students prove their identity to campus computer systems. This page provides guidance and detailed information about your Carleton account, as well as some best practices for managing other passwords that you may need for your work at Carleton.


Getting help with your password



Password Requirements

Carleton maintains two password policies. Which one applies to your account depends on whether or not you have enrolled in two-factor authentication via Duo.

NOTE: Carleton faculty, staff, and current students are required to use Duo and are subject to Policy 1 below.


Policy 1 (with Duo enrollment):

  • Passwords must contain at least 15 characters.
  • Passwords will be automatically checked against a list of previously-hacked passwords to make sure you are not using one of them.
  • Passwords cannot contain easily-guessable words such as:
    • Your first or last name
    • Your username
    • Your previous password
    • The word “carleton”
    • The word “college”
    • The word “password”
  • Passwords do not require special characters.
  • Passwords do not expire.

Policy 2 (no Duo enrollment):

  • Passwords must contain at least 12 characters.
  • Passwords are subject to complexity requirements:
    • At least one capital letter.
    • At least one number.
    • At least one special character or symbol.
  • Your new password will be checked against a list of previously-hacked passwords to make sure you are not using one of them.
  • Passwords cannot contain easily-guessable words such as:
    • Your first or last name
    • Your username
    • Your previous password
    • The word “carleton”
    • The word “college”
    • The word “password”
  • Passwords expire annually.
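The two policies above, written as a single check. This is an added example, not ITS's own code; the function name, the case-insensitive substring matching, the definition of "special character", and the small breached list are assumptions constructed for illustration.

```python
BANNED_WORDS = ("carleton", "college", "password")  # words named on this page

# Constructed stand-in for the list of previously-hacked passwords.
BREACHED = {"correcthorsebatterystaple", "qwertyuiopasdfgh"}


def check_password(candidate, *, duo_enrolled, first_name, last_name,
                   username, previous_password=None, breached=BREACHED):
    """Return the list of rules the candidate breaks; empty means it passes."""
    problems = []

    # Policy 1 (Duo): 15+ characters. Policy 2 (no Duo): 12+ characters.
    min_len = 15 if duo_enrolled else 12
    if len(candidate) < min_len:
        problems.append(f"shorter than {min_len} characters")

    # Complexity rules apply only to Policy 2.
    if not duo_enrolled:
        if not any(c.isupper() for c in candidate):
            problems.append("no capital letter")
        if not any(c.isdigit() for c in candidate):
            problems.append("no number")
        # Assumption: anything that is not a letter or digit counts as special.
        if all(c.isalnum() for c in candidate):
            problems.append("no special character")

    # Easily-guessable words, matched as case-insensitive substrings (assumption).
    # Report a label, never the value, so the old password is not echoed back.
    guessable = {f"the word '{w}'": w for w in BANNED_WORDS}
    guessable.update({"first name": first_name, "last name": last_name,
                      "username": username,
                      "previous password": previous_password})
    lowered = candidate.casefold()
    for label, value in guessable.items():
        if value and value.casefold() in lowered:
            problems.append(f"contains {label}")

    if candidate in breached:
        problems.append("found in breached-password list")
    return problems
```

A long lowercase passphrase passes Policy 1 but fails Policy 2's complexity rules, while a 12-character complex password passes Policy 2 but is too short for Policy 1.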

More Information:

  • Windows .admin passwords: Installing software on staff/faculty Windows PCs requires a password specific to your PC, which must be different from your primary password. Because it is only good for this one purpose, a short word or phrase of 8-15 characters is allowed.
  • Windows BitLocker passwords: Employee PCs that might store sensitive information will be encrypted with BitLocker. ITS will assist you with this at PC delivery time. We suggest that you use the same password for .admin and BitLocker.
  • Long passphrases suggested: Passwords composed of three or more words strung together are considered both more secure and easier to remember.
  • Change passwords when suspicious activity occurs: If you notice suspicious activity on your email account or computer, first change your password, then call the Helpdesk. Stolen passwords are abused quickly.
  • Avoid reusing passwords: If you use the same password everywhere, all of your accounts are only as secure as the least secure service.
  • We highly recommend using a password manager: A password manager program stores and remembers your passwords for you. More information is available on the ITS Knowledgebase. (NOTE: If you use paper to record your passwords, be sure to write “hints” rather than your actual passwords.)
  • Be very suspicious of unsolicited requests for passwords: Scam emails are relentless. Although most are filtered out, expect to receive at least one in your Inbox per month. Simply move it to your Junk folder. ITS staff will NEVER ask you for your password.
  • Don’t give your username and password to anyone else.

Questions?

Please contact the ITS Helpdesk (x5999).

See Also: