Strong Passwords for Your Computer, NetID, and Other Cornell Services
This article applies to: Secure Password Management, Secure Your Computer and Mobile Device, Security & Policy
Strong passwords are the barrier between your valuable personal information and resources, and the criminals who are trying to get at them. Whether it's a password for your computer, your NetID password used to access Cornell's online services, or those that secure other aspects of your digital life, it's essential that you make your passwords strong and never share them. All of your passwords, and especially your NetID password, should be as long and complex as possible. Make your passwords unique, easy for you to remember, and difficult for others to guess.
For Your Computer
Your computer must be configured so that when it starts up, a password is required.
- If your unit uses CornellAD, you will use your NetID and NetID password to log in.
- If you are not using CornellAD, this should be a strong password that is only used by you. It must not be the same password as your NetID password.
These requirements apply to all accounts on the computer. Any access to your system must be protected by a strong password. For general guidance on creating strong passwords, see below. Your department’s technical support staff may, however, enforce different or more stringent rules for setting your computer’s login password.
Keep Your Password Secure
- Don't write your password down or store it on your computer.
- Keep your NetID password different from any other password, so your Cornell information will still be protected even if your other passwords are stolen.
- Change your password regularly.
- If you ever suspect that someone has guessed or stolen your password, change it immediately! Contact the IT Service Desk if you're unable to change your password. Also, report the incident immediately to the IT Security Office.
Secure Password Management
Cornell's optional LastPass secure password management service is available to all current students, faculty, and staff. LastPass stores all your passwords in one secure vault, which you protect with a strong master passphrase. The service also offers a secure password generator.
Cornell Password Requirements
Cornell's password complexity rules may seem challenging at first. When you see examples like H*P@p7mZ%, you might wonder how anyone ever remembers their Cornell password.
The secret is finding the password recipe that works best for you.
See why passwords have to be so complex.
Review the rules
At least 8 characters, including at least three of these four character types:
- Uppercase letters
- Lowercase letters
- Numbers
- Symbols found on your keyboard, such as blank spaces, or ! * - () : | / ?
Your password must not include:
- Your NetID
- Your first or last name
- Repeated characters (AAA or 555)
- Common sequences (abc, CBA, 123, 321, qwerty, pas)
The following cannot make up more than 1/3 of your password:
- Dictionary words with five or more letters, including names such as "Cornell"
- Known bad passwords, such as, but not limited to, the Top 10,000 Worst Passwords (Wikipedia)
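The rules above can be expressed as a checker. This is an added example, not Cornell's own validation code: the function names and the small word list are hypothetical, digits are assumed to be the fourth character type, and "repeated characters" is assumed to mean three identical characters in a row.

```python
import re

# Constructed stand-in for a full dictionary plus a known-bad-password list
# (assumption: a real checker would load much larger lists).
SAMPLE_WORDS = {"cornell", "password", "slope", "school", "welcome"}
# Sequences exactly as listed in the rules above, compared case-insensitively.
SEQUENCES = ("abc", "cba", "123", "321", "qwerty", "pas")


def char_types(pw):
    """Count how many of the four character types appear in pw."""
    return sum([
        any(c.isupper() for c in pw),
        any(c.islower() for c in pw),
        any(c.isdigit() for c in pw),
        any(not c.isalnum() for c in pw),  # symbols, including blank spaces
    ])


def dictionary_share(pw, words=SAMPLE_WORDS):
    """Fraction of pw covered by listed words of five or more letters."""
    low = pw.lower()
    covered = [False] * len(low)
    for word in (w for w in words if len(w) >= 5):
        start = low.find(word)
        while start != -1:
            covered[start:start + len(word)] = [True] * len(word)
            start = low.find(word, start + 1)
    return sum(covered) / len(low) if low else 0.0


def check_password(pw, netid, first, last):
    """Return the list of rules pw breaks; an empty list means it passes."""
    low, problems = pw.lower(), []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if char_types(pw) < 3:
        problems.append("fewer than three character types")
    for label, value in (("NetID", netid), ("first name", first), ("last name", last)):
        if value and value.lower() in low:
            problems.append(f"contains your {label}")
    if re.search(r"(.)\1\1", low):  # assumption: three identical in a row
        problems.append("repeated characters")
    if any(seq in low for seq in SEQUENCES):
        problems.append("common sequence")
    if dictionary_share(pw) > 1 / 3:
        problems.append("listed words exceed 1/3 of the password")
    return problems
```

Returning every broken rule at once, rather than stopping at the first, lets a password-change form tell the user everything to fix in one pass.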
Recipe for Your Cornell Password
Step one: Choose your main ingredient plus a number.
|Examples of main ingredients||Examples of numbers|
Step two: Combine your main ingredient and your number to create your Cornell password.
Method 1: Chop (Passphrases)
Create a phrase or sentence. Add a comma, colon, semi-colon, period, or exclamation point if your phrase didn’t come with punctuation. Then, abbreviate most of the words. (Your passphrase can have words shorter than five letters, as long as those words are less than 40 percent of the total.) For example:
Parts of people's names + number + symbol:
“Barbara and John” with the meaningful year 2010 becomes 2010Bar+Jo
A phrase, with longer words abbreviated, + symbol + number:
“Libe Slope legs” with a 15% slope, becomes Libe Slpe legs=15%
Method 2: Shred (Acronyms)
Create a phrase or sentence. Add a comma, colon, semicolon, period, or exclamation point if your phrase didn’t come with punctuation. Then, take the first letter of each word. For example:
- "This grand institution, this school of Cornell!" plus a 10th reunion in June 1992 becomes 10thTgi,tsoC!0692
Method 3: Puree (Secret Codes)
Invent a secret code that you use for any passwords you create, not just your Cornell password. Apply your secret code to passphrases, acronyms, or words. For example:
- Capitalize the first letter of every word.
- Change certain letters into symbols or numbers (but be creative and avoid these overused and too-obvious substitutions: the number 0 for the letter o, the symbol @ for the letter a, the number 1 for the letter l, and the number 3 for the letter e).
- Decide what to do with spaces: Don’t use any, keep some, or replace some with a specific symbol or number.
- Put your meaningful number in a specific spot.
Example of a secret code password:
- “Stone, Roberts, East Roberts” plus the first month at Cornell, August 1975, becomes St%08, R%b, E^s75R%b
The rules for this secret code: The first letter of every word is capitalized. Each word is abbreviated to the first three letters. The letter a is the symbol ^ and the letter o is the symbol %. The spaces that follow the commas are kept. The first part of the number goes after the first word, and the last part of the number goes before the last word.