In the Fall of 2024 Cornell faculty and staff had the option to adopt passkey technology -- sometimes known as one-touch login, or simply passkeys. Industries with valuable data -- like your bank -- love passkeys for their rock-solid security. People who use passkeys love it for the quicker, more secure, authentication.  

At Cornell, faculty and staff will continue to move to passkeys to prevent phishing and data theft. Using passkeys to log in is the first step in this process. The information below outlines some of the criteria that will help Cornell protect its assets, and yours.

The "Trusted Device"

When a criminal steals login credentials, they sometimes install software on your computer so they can hijack it. Cornell's passkey provider, Beyond Identity, will check to see if the computer you are using can be "trusted" to safely access a sensitive system. While not comprehensive, this might include a quick check of the following:

• Is Certified Desktop installed?
• Does it have anti-malware software?
• Is the operating system up-to-date?

After an initial, small, pilot trial, enhanced device safety will gradually be required by sensitive online campus services. This phased rollout is likely to happen over several months.

Accessing Sensitive Data

The other half of the equation is you - the person behind the keyboard. Faculty and staff who bear greater responsibility in their roles are expected to uphold a higher level of accountability to their departments or the university. 

The same is true for electronic access to data -- if you are a steward of sensitive information, then your online access needs a higher level of assurance. That way, when you log in a malicious actor can't piggyback on your credentials.

Ways You Can Prepare 

Start using passkeys

You can enroll in passkey login through Secure Connect now. 

Improve your device

• If your device does not offer biometrics, when you replace it, make sure it has biometric capability.
• As mentioned above, the technical details for a trusted device are currently in the development phase. Broadly, your device will be required to meet standards set by University Policy 5.10, Information Security.

Practice good device security

Reduce the chance that bad actors compromise your machine without your knowledge. For example:

• enable whole-disk storage encryption so that your data stays scrambled from prying eyes.
• turn on automatic updates for operating systems and applications, especially web browsers, so that they stay up-to-date on the latest security patches.
• use an inactivity timeout (screen lock) on your device in case a "quick chat" turns into a coffee break and you forget to lock your computer.
• use malware protection to keep it from sneaking onto your device.
• take advantage of backup software so you can recover valuable data without paying ransom.

Certified Desktop is a great way to implement these safety features, and keep them automatically updated with minimal work on your part. Use this link to see if your device is enrolled and compliant with certified desktop.

Adopt Smart Internet Skills

Tips to Minimize IT Security Risks contains good advice about your first level of internet safety -- what you do (or don't do!) on your computer in the first place.