As we step into the new academic term we’d like to remind you of the importance of password security.

Here at Carleton students, staff, and faculty are provided a MyCarletonOne account.  This account grants access to many services – cuLearn, Carleton Central, the MyCarleton Portal, the Intranet for staff and faculty, CU Wireless, workstations and lab computers, and more – and thereby access to sensitive information.  With your MyCarletonOne credentials you login to services that allow you to drop and add courses, view pay information, view course assignments, and more which is why it’s so important to ensure your password stays safe and secure.

Inherently our MyCarletonOne password rules ensure that you create a strong password – it must be a certain length and contain various characters – and many staff are required to change their passwords frequently.

Here are five additional things you can do to ensure your password stays safe and secure:

  1. Don’t reuse passwords
  2. Don’t share your password
  3. Change your passwords frequently
  4. Make your password a nonsense phrase
  5. Avoid using obvious personal information as your password

And remember, hackers could keep trying to crack your passwords no matter how strong you make them. Many of these attempts come in the form of phishing attacks.  Although these attacks are getting more and more sophisticated, there’s a good chance an email is a phishing attempt if:

  • It asks you for your password or directs you to a web form asking for your password
  • If the link within the body of the message points to a non-Carleton email address
  • The subject line is in all caps
  • There is a call for immediate action – “download this now” or “confirm you email identity now” or “click on the link below”
  • There are spelling or grammatical errors in the email

If you suspect an email might be phishing best to err on the side of caution. Do not provide any information or reply to the email.

And always remember: ITS will NEVER ask you for your password via email and neither should any other trusted organization.