Skip to main content

Strong Passwords for Your Computer, NetID, and Other Cornell Services

This article applies to: Secure Your Computer and Mobile Device

Strong passwords are the barrier between your information and resources and criminals who are trying to get at them. Whether it's a password for your computer, to use your NetID to access online services, or to secure some other aspect of your Cornell life and work, it's essential that you make your passwords strong and keep them secret. Make all of your passwords, but especially your NetID password, as long and complex as feasible. Your passwords should be easy for you to remember, and difficult for other people to guess.

For Your Computer

Your computer must be configured so that when it starts up, you need to enter a password.

  • If your unit uses CornellAD, you will use your NetID and NetID password to log in.
  • If you are not using CornellAD, this should be a strong password that is only used by you. It must not be the same password as your NetID password.

These requirements apply to all accounts on the computer. Any access to your system must be protected by a strong password. As a guide to creating strong passwords in general, see below. It’s possible, however, that your department’s technical support staff may enforce different (even more stringent) rules for setting your computer’s login password.

Keep Your Password Secure

  • Don't write your password down or store it on your computer.
  • Keep your NetID password different from any other password, so your Cornell information will still be protected even if your other passwords are stolen.
  • Change your password regularly.
  • If you ever suspect someone else may have guessed your password, change it immediately!

Cornell Password Requirements

Cornell's password complexity rules may seem challenging at first. When you see examples like this H*P@p7mZ% you might wonder how anyone ever remembers their Cornell password.

The secret is finding the password recipe that works best for you. 

See why passwords have to be so complex.

Review the rules

At least 8 characters, including at least three of these four character types:

  • Uppercase letters
  • Lowercase letters
  • Numbers
  • Symbols found on your keyboard, such as blank spaces, or ! * - () : | / ?

Exclude, ban, disallow:

  • Your NetID
  • Your first or last name
  • Dictionary words with 5 or more letters, including names such as "Cornell"
  • Repeated characters (AAA or 555)
  • Common sequences (abc, CBA, 123, 321, qwerty, pas)

Recipe for Your Cornell Password

Step one: Choose your main ingredient plus a number.

Examples of main ingredients Examples of numbers
  • A line from a favorite song, poem, or book
  • The punch line of a joke
  • A sports chant
  • A personal memory that is unlikely to be public knowledge. "Firsts" can be a good choice, such as your 1st date, your 1st job, your 1st teacher, your 1st roommate, or your 1st car.
  • A series from your life, such as the streets you've lived on; pets from your childhood; the names of your cousins; companies you've worked for; places you've visited or places where your family or friends live.
  • Year, or month and year (but not your birthday)
  • Quantity
  • Price
  • Age
  • Part of an old phone number
  • A personal best from a sport (score, distance, time)

Step two: Combine your main ingredient and your number to create your Cornell password.

Method 1: Chop (Passphrases)

Create a phrase or sentence. Add a comma, colon, semi-colon, period, or exclamation point if your phrase didn’t come with punctuation. Then abbreviate most of the words. (Your passphrase can have words shorter than 5 letters, as long as those words are less than 40% of the total.) For example:

  • Parts of people's names + number + symbol:
    'Barbara and John' with the meaningful year 2010 becomes 2010Bar+Jo
  • A phrase, with longer words abbreviated, + symbol + number:
    “Libe Slope legs” with a 15% slope, becomes Libe Slpe legs=15%

Method 2: Shred (Acronyms)

Create a phrase or sentence. Add a comma, colon, semi-colon, period, or exclamation point if your phrase didn’t come with punctuation. Then take the first letter of each word. For example:

  • "This grand institution, this school of Cornell!" plus a 10th reunion in June 1992 becomes 10thTgi,tsoC!0692

Method 3: Puree (Secret Codes)

Invent a secret code that you use for any passwords you create, not just your Cornell password. Apply your secret code to passphrases, acronyms, or words. For example: 

  • Capitalize the first letter of every word.
  • Change certain letters into symbols or numbers (but be creative and avoid these overused and too-obvious substitutions: the number 0 for the letter o, the symbol @ for the letter a, the number 1 for the letter l, and the number 3 for the letter e).
  • Decide what to do with spaces: Don’t use any, keep some, or replace some with a specific symbol or number.
  • Put your meaningful number in a specific spot.

Example of a secret code password:

  • “Stone, Roberts, East Roberts” plus the first month at Cornell, August 1975, becomes St%08, R%b, E^s75R%b

The rules for this secret code: The first letter of every word is capitalized. Each word is abbreviated to the first three letters. The letter a is the symbol ^ and the letter o is the symbol %. The spaces that follow the commas are kept. The first part of the number goes after the first word, and the last part of the number goes before the last word.

Secure Password Management

LastPass is a password management service that can store all of your passwords in a secure vault, which you protect with one master passphrase.  Current students, faculty, and staff, can learn more about Secure password storage with LastPass.

About this Article

Last updated: 

Wednesday, February 13, 2019 - 9:48am

Was this page helpful?

Your feedback helps improve the site.

YesNo

Comments?