Passwords at Carleton serve several purposes, such as preventing unauthorized access to sensitive information and helping faculty, staff, and students prove their identity to campus computer systems. This page provides guidance and detailed information about your Carleton account, as well as some best practices for managing other passwords that you may need for your work at Carleton.

Carleton has two password policies and a set of password strength requirements that apply to both policies. The use of a “passphrase” containing a set of words is recommended. The use of a password manager is also recommended. 

For Email Account holders: 

  • Applies to faculty, staff, and students, and all users who have a Carleton email account
  • Requires compliance with the password strength requirements (see below)
  • Requires use of multi-factor authentication through the Duo application

For all other users: 

  • Applies to users, such as alumni, emeritus or affiliates, who do not have a Carleton email account. These users log in to other (non-email) systems using their Carleton username.
  • Requires compliance with the password strength requirements (see below)
  • Users must have a non-Carleton email address on record 

Password strength requirements: 

  • Passwords must contain at least 15 characters (and are encouraged to be longer)
  • Passwords cannot contain easily guessable words
  • Passwords cannot contain easily guessed personal or Carleton information
  • Passwords cannot be available on lists of previously compromised passwords
  • Passwords do not require special characters
  • Passwords do not expire, but are checked against known password lists to ensure that they continue to offer good protection 

Getting help with your password

More Information:

  • Windows BitLocker passwords: Employees with Carleton-issued Windows laptops will be required to activate BitLocker. ITS will assist you with this at PC delivery time.
  • Long passphrases suggested: Passwords composed of three or more words strung together are considered both more secure and easier to remember.
  • Change passwords when suspicious activity occurs: If you notice suspicious activity on your email account or computer, first change your password, then call the Helpdesk. Stolen passwords are abused quickly.
  • Avoid reusing passwords: If you use the same password everywhere, all of your accounts are only as secure as the least secure service.
  • We highly recommend using a password manager: We recommend using a password manager program to store and remember your passwords. More information is available on the ITS Knowledge Base. (NOTE: If you use paper to record your passwords, be sure to write “hints” rather than your actual passwords.)
  • Be very suspicious of unsolicited requests for passwords: Scam emails are relentless. Although most are filtered out, expect to receive at least one in your Inbox per month. Simply move it to your Junk folder. ITS staff will NEVER ask you for your password.
  • Don’t give your username and password to anyone else.

Questions?

Please contact the ITS Helpdesk (x5999).
