Skip to main content

Alumni Should Update Passwords as Cornell Retires MIT Kerberos

Cornell is retiring one of its login authentication methods. Here are some details about what you need to do to keep logging in to Cornell's online resources.

This article applies to: Alumni and Visitors, NetIDs

During 2018, Cornell will be retiring one of its login authentication methods, MIT Kerberos. If you infrequently visit Cornell websites requring login, you should take a moment now to update your password. This will help you avoid the possibility of getting an error during a future login to Cornell resources.

In particular, if you haven’t changed your password since 2007, we’re asking that you change your password now.


In 1995, Cornell began creating NetIDs as a way for community members to access computer networks using a single login. This allowed users to work across many systems without needing a separate login process for each. To accomplish this, Cornell implemented MIT Kerberos, which served as our primary tool for login security.

In 2007, Cornell additionally implemented Microsoft’s Active Directory, whose features also include support for single login in a way similar to MIT Kerberos. Since then, each time someone sets or changes a password, the new password has been included in both Active Directory and MIT Kerberos. If you have been using Cornell’s Microsoft Outlook or SharePoint services since 2007, you are already logging in using Active Directory.

To avoid duplication of services, we are planning to retire MIT Kerberos and rely solely on Active Directory. While accomplishing this technically is not difficult, we have identified users who have not set or changed their password since we implemented Active Directory. This means their current password is stored only in MIT Kerberos.

Because one of the features of a good security system is that even administrators cannot read a user’s password, we do not have the ability to automatically copy passwords from MIT Kerberos to Active Directory. The only way to get your password into Active Directory is for you to set it.

Example: Your NetID is pqs665. You last logged in on September 1, 2017, but your last password change was on June 1, 2005. As a result, your password is not currently in Active Directory.

How to Update Your Password

Go to the Manage Your NetID webpage and click the link Change Your Password to start the process. Follow the instructions on that page.

Once you have done this, your new password will be saved in the current security system and you’ll be all set.

Cornell has password complexity rules in place. These rules prevent you from re-using your current password and help you come up with a new password that can’t easily be compromised by hackers.

Creating a strong password is very important to keep your data and the University’s online resources safe.  For help choosing a secure password you can remember, read more about creating Strong Passwords.

If you have any difficulty changing your password or logging in afterward, please contact the IT Service Desk for assistance.

About this Article

Last updated: 

Wednesday, February 13, 2019 - 9:25am

Was this page helpful?

Your feedback helps improve the site.