Cornell has begun a phased, required update of NetID passwords for all accounts for the Ithaca‑supported campuses. All IT staff on the Ithaca-supported campuses are now resetting their NetID passwords to test the experience and prepare to support the rest of the community. Improvements will be made to the process, documentation, and support based on their feedback.

Once improvements are complete, the NetID password change requirement will be rolled out in waves to the rest of the community, covering all faculty, students, staff, and alumni who have not changed their password since February 14, 2026. The schedule is still in development.

Why is Cornell doing this?

Recent attacks have targeted Cornell and peer institutions through compromised weak passwords and unattended accounts. These attacks and heightened threats related to international conflict prompted the password reset initiative. In response, Cornell has made two enhancements to strengthen account security and reduce long-term risk while making password requirements more straightforward:

1. In September 2025, Cornell changed its requirement for password complexity to a minimum requirement for 16-character passphrases, which is more secure and can be easier to remember (learn more about choosing a strong password or passphrase).
2. On February 14, 2026, Cornell updated the encryption standards for NetID passwords. All passwords changed after that date are protected with the new encryption strength. 

These changes are in addition to the University’s move to Passkeys as the preferred method of authentication, via the secure connect project. 

What to Expect

When the password change is required for an individual’s NetID account, they encounter an additional screen when signing in through CUWebLogin, prompting them to update their password.

• They may defer the prompt up to three times 
• On the fourth prompt, the password change will be required 
• Passwords now require a 16‑character minimum 
• Specific character types (uppercase, numbers, symbols) are no longer required, but may be used 
• The experience is intended to be understandable and not require assistance 
• They will need to sign into other services or systems again as the password change spreads through Cornell’s IT services (see What Happens After a NetID Password Change) 

Anyone who prefers to change their password now can do so by following the steps at Change Your NetID Password or going to netid.cornell.edu and selecting Change Your Password.