Skip to main content

Cornell University

Latest News

A key with overtones of digital elements.

In Chief Global Information Officer Curtis Cole’s Wireside Chat on Wednesday, October 30, he mentioned passkeys as one way in which technology improves efficiency.

So what’s a passkey?

A passkey is a new way to securely access services without needing a password, and the gold standard for logging in with the most security. A passkey uses a complex set of formulas to generate an extremely strong, and unique, key on your device, which means you don’t have to create and memorize a bunch of passwords. 

Passkey login at Cornell is available to faculty and staff. Student options are still in development.

Hold the phone! How do you log in without a password? 

The trick to the passkey is that it’s stored on your devices, and only on those devices. When you use a passkey to log in to a system, you “unlock” it from your device. The most secure way to do this is with your biometrics, but sometimes you can use your device’s password or PIN as well. 
 
If this seems a little like waving a magic wand over how a passkey works, that’s because passkeys use public key cryptography, the science of which fills a series of upper-level computer science courses.  We guarantee that a passkey is much more secure than password2024 by several million factors.

Passkeys give you one touch efficiency

Cornell launched Secure Connect as Cornell’s passkey service. It only takes a few minutes to register your device and start using the most secure form of account protection available.

When you have a passkey set up at Cornell, accessing many services that use CUWebLogin are as easy as a touch. No typing in complex passwords, no waiting for a Duo push, and no trying to find your phone before that Duo push times out.

Some services (for example VPN, Outlook, any Microsoft login, Slack) will still require a password and two-step authentication.


Speaking of security, hackers can’t steal your passkey

Your passkey exists in a highly encrypted file right on your computer. To unlock that passkey, you must unlock your computer personally. Remember, the most secure way to do this is through your face or your fingerprint (your biometrics). At Cornell you can also use your PIN or password (but only on Cornell-owned devices). 

Bonus benefit: If you don’t have to type your password into a web page, which can be (and has been) spoofed, then hackers can't steal your password, either.

A note about biometrics and privacy

Many people hesitate to use a fingerprint or face image for security purposes, fearing that someone will use the data to re-create their face or fingerprint. Biometric data (the whorls of your finger and the details of your warm smile) stays on your device and cannot be stolen to recreate and impersonate your likeness.

To reiterate, your biometric data is never shared, transmitted, or stored with Cornell or a third party. Remeber, you have complex math to protect your biometric privacy

Comments?

To share feedback about this page or request support, log in with your NetID

At Cornell we value your privacy. To view
our university's privacy practices, including
information use and third parties, visit University Privacy.