When the CUWeb Login screen changed last month, you saw a note about passkeys. You’ll see it again soon. Why?

280 to 1 Is Why 

Since CIT introduced the Secure Connect passkey in February 2024, the IT Security Office logged 280 instances of password compromises connected to CUWebLogin phishing and attacks among the faculty and staff who are eligible to get a Secure Connect passkey.

And only one for those who have a Secure Connect passkey.* 

280 Password Compromises: Over a Year Lost 

Here’s what that number represents: 

• About 5-6 hours of work hours lost for each victim;
• About 3 hours of work hours created for Cornell IT Support and IT Security staff;
• That’s at least one complete work day of lost time for each compromise. 

There are about 260 work days in one year, which means that since February 2024 Cornell has lost the equivalent of a year of employee productivity because of stolen passwords. 

That’s why you should simplify your sign-in. 

*A cautionary note to those using passkeys; until the university moves entirely to passkey login, scammers will still try to get you to use a password so they can break into your account.