Starting May 28, 2024, Cornell will begin enforcing strong encryption for Cornell NetID passwords. Some Cornell accounts that are not yet configured for strong encryption for password protection need to be updated before the change takes place.

Updating an account to strong crypto is triggered by the account owner changing the NetID password using the Manage Your NetID webpage. This change is being made to address the increasing threat to Cornell NetID credentials posed by cyberattacks.

What NetID Owners Need to Do

Potentially affected Cornell NetID account holders should update their passwords as soon as possible. IT Security Office staff will monitor those who have not yet updated their accounts and targeted reminders will be sent.

• Starting Tuesday, March 12, 2024, affected NetID owners who have not updated passwords began seeing a reminder message on the CUWebLogin page directing them to the Change Password option on the Manage Your NetID website, to change their passwords before proceeding.
• On Tuesday, May 28, 2024, Cornell will begin enforcing strong encryption for all NetID passwords. Those affected who have still not updated their passwords will be unable to login to any Cornell IT service, including the Change Password feature, and will need to use the Forgot Password option on the Manage Your NetID website to recover account access.

Resources

• Documentation about changing a Cornell NetID password can be found at Change Your NetID Password.
• A copy of the reminder sent to affected account holders can be seen in IT@Cornell Verified Communications.
• Those with a question can read more by visiting Troubleshooting: When logging in, I received a message that I need to change my password to avoid being locked out.
• Those who encounter issues changing a password or logging into Cornell services after changing a password should contact the IT Service Desk.