Skip to main content

Cornell University

Latest News

A key with overtones of digital elements.

In the 2025 Cybersecurity Training and Attestation course you read about the Secure Connect passkey. Here's why passkeys are important -- and effective -- at protecting your Cornell account.

Why is Cornell moving to passkeys?

In a word: security. The IT Security Office has seen a dramatic rise in attempts to steal employee passwords as well as trick users with fraudulent Duo prompts. Hackers are trying to steal your paycheck, as well as sensitive and proprietary information that Cornell and its community have access to.

Passkeys can't be phished, which helps to shield you and the university.

So what’s a passkey?

A passkey is a new way to securely access services without needing a password, and the gold standard for logging in with the most security. A passkey uses a complex set of formulas to generate an extremely strong, and unique, key on your device, which means you don’t have to create and memorize a bunch of passwords. 

Passkey login at Cornell is available to faculty and staff. Student options are still in development.

Hold the phone! How do you log in without a password? 

The trick to the passkey is that it’s stored on your devices, and only on those devices. When you use a passkey to log in to a system, you “unlock” it from your device. The most secure way to do this is with your biometrics, but sometimes you can use your device’s password or PIN as well. 
 
If this seems a little like waving a magic wand over how a passkey works, that’s because passkeys use public key cryptography, the science of which fills a series of upper-level computer science courses.  We guarantee that a passkey is much more secure than password2025 by several million factors.

Passkeys give you one touch efficiency

Cornell launched Secure Connect as Cornell’s passkey service for faculty and staff. It only takes a few minutes to register your device and start using the most secure form of account protection available.

When you have a passkey set up at Cornell, accessing many services that use CUWebLogin are as easy as a touch. No typing in complex passwords, no waiting for a Duo push, and no trying to find your phone before that Duo push times out.

Some services (for example VPN, Outlook, any Microsoft login, Slack) will still require a password and two-step authentication.


Speaking of security, passkeys can't be phished!

Your passkey exists in a highly encrypted file right on your computer. To unlock that passkey, you must unlock your computer personally. Remember, the most secure way to do this is through your face or your fingerprint (your biometrics). At Cornell you can also use your PIN or password (but only on Cornell-owned devices). 

Bonus benefit: If you don’t have to type your password into a web page, which can be (and has been) spoofed, then hackers can't steal your password, either.

A note about biometrics and privacy

Many people hesitate to use a fingerprint or face image for security purposes, fearing that someone will use the data to re-create their face or fingerprint. Biometric data (the whorls of your finger and the details of your warm smile) stays on your device and cannot be stolen to recreate and impersonate your likeness.

To reiterate, your biometric data is never shared, transmitted, or stored with Cornell or a third party.

Comments?

To share feedback about this page or request support, log in with your NetID

At Cornell we value your privacy. To view
our university's privacy practices, including
information use and third parties, visit University Privacy.