Enhanced Device Safety

Eventually, Beyond Identity (Cornell's passkey provider) will check how secure a device is before allowing it to access sensitive Cornell resources. For example, Cornell may need to confirm that your device is encrypted and has approved security software installed and running. The more sensitive a system you want to access, the more secure your device needs to be. 

After an initial, small, pilot trial, enhanced device safety will gradually be required by sensitive online campus services. This phased rollout is likely to happen over several months.

Ways You Can Prepare 

Start using passkeys

You can enroll in passkey login through Secure Connect now. 

Improve your device

• If your device does not offer biometrics, when you replace it, make sure it has biometric capability.
• The technical details for "device security" are currently in the development phase. Broadly, your device will be required to meet standards set by University Policy 5.10, Information Security.

Practice good device security

Reduce the chance that bad actors compromise your machine without your knowledge. For example:

• enable whole-disk storage encryption so that your data stays scrambled from prying eyes.
• turn on automatic updates for operating systems and applications, especially web browsers, so that they stay up-to-date on the latest security patches.
• use an inactivity timeout (screen lock) on your device in case a "quick chat" turns into a coffee break and you forget to lock your computer.
• use malware protection to keep it from sneaking onto your device.
• take advantage of backup software so you can recover valuable data without paying ransom.

Certified Desktop is a great way to implement these safety features, and keep them automatically updated with minimal work on your part. 

Adopt Smart Internet Skills

Tips to Minimize IT Security Risks contains good advice about your first level of internet safety -- what you do (or don't do!) on your computer in the first place.