Manage Your Passwords

Passwords at Carleton serve several purposes, such as preventing unauthorized access to sensitive information and helping faculty, staff, and students prove their identity to campus computer systems. This page provides guidance and detailed information about your Carleton account, as well as some best practices for managing other passwords that you may need for your work at Carleton.

Getting Started:

Password Policies and Requirements

Carleton maintains two password policies. Which one applies to your account depends on whether or not you have enrolled in two-factor authentication via Duo.

Carleton faculty, staff, and current students (except for the class of 2018) are required to use Duo and are subject to Policy 1 below.

Policy 1 (with Duo enrollment):

  • Never expires (no annual forced reset).
  • 12 characters minimum.
  • No complexity requirements (special characters, etc.).
  • Minimal blacklist of disallowed terms to prevent easily-guessable passwords.

Policy 2 (no Duo enrollment):

  • Annual expiration.
  • 12 characters minimum.
  • Subject to complexity requirements:
    • At least one capital letter.
    • At least one number.
    • At least one special character or symbol.
  • Minimal blacklist of disallowed terms to prevent easily-guessable passwords.

More Info:

  • Windows .\admin passwords: Installing software on staff/faculty Windows PCs requires a password specific to your PC, which must be different from your primary password. Because it is only good for this one purpose, a short word or phrase of 8-15 characters is allowed.
  • Windows BitLocker passwords: Employee PCs that might store sensitive information will be encrypted with BitLocker. ITS will assist you with this at PC delivery time. We suggest that you use the same password for .\admin and BitLocker.
  • Long passphrases suggested: Passwords composed of three or more words strung together are considered both more secure and easier to remember.
  • Change passwords when suspicious activity occurs: If you notice suspicious activity on your email account or computer, first change your password, then call the Helpdesk. Stolen passwords are abused quickly.
  • Avoid reusing passwords: If you use the same password everywhere, all of your accounts are only as secure as the least secure service.
  • Consider writing your passwords down, safely: The last three rules make it hard to formulate and remember passwords. Although you will need to memorize your Carleton password, it can be OK to write reminders of other passwords on paper or in password manager programs. If you use paper, truncate or misspell passwords. If you use a password manager, consider doing the same. Acceptable programs include LastPass and KeePass. The ITS Helpdesk can assist you with setting up these programs on your computer.
  • Be very suspicious of unsolicited requests for passwords: Scam emails are relentless. Although most are filtered out, expect to receive at least one in your Inbox per month. Simply move it to your Junk folder. ITS staff will NEVER ask you for your password.
  • Don't give your username and password to anyone else.



