Cornell NetID passphrase requirements were updated in Fall 2025 to include a minimum of 16 characters.

Part of an ongoing effort to bolster protection of personal and institutional data, the updated guidelines emphasize longer, more memorable passphrases rather than traditional complex passwords.

Moving away from strings of upper and lower case letters, numbers, and special characters reflects modern best practices in cybersecurity. Including those parameters in a passphrase is permissible, but no longer required.

The NetID passphrase still must be unique. Cornell community members cannot reuse passwords from other Cornell or personal accounts for their NetID login.

Setting up a non‑Cornell recovery email address allows community members to reset their passphrase securely and without waiting to contact support staff. 

For more details and step-by-step instructions, see:

• Create a Strong Passphrase
• Change Your NetID Password
• Set a NetID Recovery Email Address