Skip to main content

Cornell University

IT@Cornell

Essential Tips to Keep Your Accounts Secure

This article applies to: National Cybersecurity Awareness Month

Thanks to technology, your personal and financial information are accessible to you from anywhere that the internet is available. This is convenient, but it also comes with risk. If all you need to access your account is “hello123,” then it will be easy for anyone else with an interest in your information to gain access as well. 

Don’t let a weak password be all that stands between your information and a cybercriminal. 

Your first line of defense is a strong password. 

Passwords may be going the way of the Dodo with the introduction of Passkeys, but not every site you use is quite there yet. Take a few minutes out of your day to create a strong passphrase for your device, NetID, and other Cornell services.

Wherever possible, secure your accounts with better, faster, stronger passwords by setting up Passkeys. On personal devices and with personal accounts, if Passkeys aren't available, you can create strong passwords without having to remember them by relying on a password manager app.

Don’t forget to set up a recovery email address for your NetID. If your Cornell NetID account is ever locked, you can quickly and easily get back in by registering a non-Cornell email address.

More authentication is more secure. 

If a cybercriminal has stolen your password through hacking, or a widespread security breach, multifactor authentication will be the reason that your personal data stays protected. 

If you’re worried about how you’ll get into your accounts if your phone breaks, you’re not getting service, or you get a new device, you can add alternate Duo devices to your account.

Use the IT Security checkup to make sure you’re protecting personal and professional data as best as you can.

Passkeys are a secure alternative to multifactor authentication.

Passkey login is currently the gold standard for account security, without relying on a password. A passkey uses a complex set of formulas to generate an extremely strong, and unique, key on your device. 

For faculty and staff at Cornell, Secure Connect allows you to use a passkey when you use CUWebLogin. Using your fingerprint or your face as a two-step login tool (instead of Duo), drastically reduces the chances of your account getting hacked. A criminal might be able to guess your password and trick you with duo push fatigue, but they can’t easily imitate your unique fingerprint or smile! 

If you want to understand how TouchID and Windows Hello work, read about Biometrics and Your Privacy. The short version is that biometric data is converted into a complex formula and stored on your device. It can’t be stolen to recreate or impersonate you in any way.

Comments?

To share feedback about this page or request support, log in with your NetID

At Cornell we value your privacy. To view
our university's privacy practices, including
information use and third parties, visit University Privacy.