Password Tips

Carleton passwords are required to be either:

  • at least 15 characters long, and may not contain spaces

or

  • 10-14 characters long, including at least one character from three of the five character classes (the five classes are uppercase, lowercase, numbers, punctuation, and everything else)

Your password expires once a year, and you have to choose a new password that you haven't used before.

How do you come up with a password that's long enough, easy to type, and easy to remember?

It's just a phrase

Any reasonably complex combination of letters, numbers and punctuation will make a good password, but there's no need to go to great lengths to create something that's hard to type and hard to remember.

Instead, use a short phrase as your password. Any phrase of three or more words whose letters total 15 or more will make a fine password.

When you're next asked to choose a password, just take a phrase from that song that's running through your head, or a favorite quote, or any other string of words that comes to mind. Take out the spaces and you're done! You can leave in punctuation or capital letters, or not, depending on what you find easiest to type.

Examples (don't use these):

  • allyouneedislove
  • wethepeopleofthe
  • rememberthealamo

When it comes time to choose a new phrase, you can keep to the same theme (e.g. "amoreperfectunion"), just change one of the words in your phrase, or choose something completely different.  No more than 6 contiguous characters can be the same between the old password and the new password.

What not to do

The password changing web page does some simple checks to make sure the password you choose meets a few minimal security requirements. Here are some things it will reject:

Passwords that just repeat a few letters:

  • 111111111111111
  • abcabcabcabcabc
  • 123212321232123

Passwords that are some obvious pattern:

  • 123456789012345
  • abcdefghijklmnop
  • qwertyuiopasdf (the first 15 letters on a keyboard)

Passwords that consist entirely or mostly of a single long word or common short phrase:

  • decertification
  • carletoncollege
  • northfieldminn1
  • surprisingly701

Passwords that are closely based on a single long word or common short phrase:

  • d3c3rtif1c4ti0n (decertification with digits replacing certain vowels)
  • noitacifitreced (decertification, reversed)
  • 107ylgnisirprus (surprisingly701, reversed)

You can form passwords by replacing certain letters in a word with other letters or numbers, but not if that replacement follows common patterns (like o=0, i=1, e=3, etc).


If you use the phrase method of password selection outlined above, you should never run into any of these limitations.