ITS Password Policy Changes

October 4, 2010
By Austin Robinson-Coolidge

ITS is changing the password policy. The expiration period is changing from 120 days to one year, and we are adding the option to use a 10- to 14-character password with more complexity, rather than a 15-character pass phrase.

Carleton passwords, which typically last 120 days, will now be good for an entire year. The next time you change your password the expiration date will be set to be one year from that date, meaning that unless something goes wrong with your account that requires a password change to fix it, which sometimes happens, you won't be required to change your password until the next academic year.

We're also adding the option to have shorter passwords! For those who want them, our systems will now accept passwords that are only 10 to 14 characters in length, instead of the usual 15 characters or longer. In order to make sure your password is still secure, shorter passwords are required to be more complex. If you choose a 10- to 14-character password, you'll need to follow this rule:

Your shorter password must contain characters from at least three of the following five classes of characters:

  • Uppercase letters
  • Lowercase letters
  • Numbers
  • Punctuation characters
  • Other characters

Examples of valid, shorter passwords are:

CarlsRgr8!
qwerty123#
iLikeCAPS!
12threeFour

Examples of invalid, shorter passwords are:

SamIsGr8! (not enough characters)
asdf';lkzx (only two classes of characters used)
qwertasdfg (only one class of characters used)

We've also updated the password changing Web page to provide helpful feedback as you choose your new password.

We hope these changes will make your computing experiences more productive and less stressful. If you have any questions or concerns, or need help with changing your password, please contact ITS for help at x5999.