Whether it's a password for your computer, your NetID password used to access Cornell's online services, or those that secure other aspects of your digital life, it's essential that you make your passwords strong and never share them. All of your passwords, and especially your NetID password, should be as long and complex as possible. Make your passwords unique, easy for you to remember, and difficult for others to guess.

For Your Computer

Your computer must be configured so that when it starts up, a password is required.

• If your unit uses CornellAD, you will use your NetID and NetID password to log in.
• If you are not using CornellAD, this should be a strong password that is only used by you. It must not be the same password as your NetID password.

These requirements apply to all accounts on the computer. Any access to your system must be protected by a strong password. As a guide to creating strong passwords in general, see below. It’s possible, however, that your department’s technical support staff may enforce different or more stringent rules for setting your computer’s login password.

Keep Your Password Secure

• Don't write your password down or store it on your computer.
• Keep your NetID password different from any other password, so your Cornell information will still be protected even if your other passwords are stolen.
• Change your password regularly.
• If you ever suspect that someone has guessed or stolen your password, change it immediately! Contact the IT Service Desk if you're unable to change your password. Also, report the incident immediately to the IT Security Office.

Secure Password Management

Cornell's optional LastPass secure password management service is available to all current students, faculty, and staff. LastPass stores all your passwords in one secure vault, which you protect with a strong master passphrase. The service also offers a secure password generator.

Cornell Password Requirements

Cornell's password complexity rules may seem challenging at first. When you see examples like H*P@p7mZ%, you might wonder how anyone ever remembers their Cornell password.

The secret is finding the password recipe that works best for you.

Review the rules

At least 8 characters, including at least three of these four character types:

• Uppercase letters
• Lowercase letters
• Numbers
• Symbols found on your keyboard, such as blank spaces, or ! * - () : | / ?

Exclude, ban, disallow:

• Your NetID
• Your first or last name
• Repeated characters (AAA or 555)
• Common sequences (abc, CBA, 123, 321, qwerty, pas)
• The following cannot make up more than 1/3 of your password:
  • Dictionary words with five or more letters, including names such as "Cornell"
  • Known bad passwords, such as, but not limited to The Top 10,000 Worst Passwords (Wikipedia)

Recipe for Your Cornell Password

Step one: Choose your main ingredient plus a number.

Step two: Combine your main ingredient and your number to create your Cornell password.

Method 1: Chop (Passphrases)

Create a phrase or sentence. Add a comma, colon, semi-colon, period, or exclamation point if your phrase didn’t come with punctuation. Then, abbreviate most of the words. (Your passphrase can have words shorter than five letters, as long as those words are less than 40 percent of the total.) For example:

• Parts of people's names + number + symbol: 'Barbara and John' with the meaningful year 2010 becomes 2010Bar+Jo
• A phrase, with longer words abbreviated, + symbol + number: “Libe Slope legs” with a 15% slope, becomes Libe Slpe legs=15%

Method 2: Shred (Acronyms)

Create a phrase or sentence. Add a comma, colon, semicolon, period, or exclamation point if your phrase didn’t come with punctuation. Then, take the first letter of each word. For example:

• "This grand institution, this school of Cornell!" plus a 10th reunion in June 1992 becomes 10thTgi,tsoC!0692

Method 3: Puree (Secret Codes)

Invent a secret code that you use for any passwords you create, not just your Cornell password. Apply your secret code to passphrases, acronyms, or words. For example: 

• Capitalize the first letter of every word.
• Change certain letters into symbols or numbers (but be creative and avoid these overused and too-obvious substitutions: the number 0 for the letter o, the symbol @ for the letter a, the number 1 for the letter l, and the number 3 for the letter e).
• Decide what to do with spaces: Don’t use any, keep some, or replace some with a specific symbol or number.
• Put your meaningful number in a specific spot.

Example of a secret code password:

• “Stone, Roberts, East Roberts” plus the first month at Cornell, August 1975, becomes St%08, R%b, E^s75R%b

The rules for this secret code: The first letter of every word is capitalized. Each word is abbreviated to the first three letters. The letter a is the symbol ^ and the letter o is the symbol %. The spaces that follow the commas are kept. The first part of the number goes after the first word, and the last part of the number goes before the last word.