Skip to main content

Cornell University

Understanding Passkeys

Passkey login is currently the gold standard for logging in with the most security. Now available to all faculty and staff.

This article applies to: Secure Connect

Cornell launched Secure Connect as Cornell’s passkey service. It only takes a few minutes to register your device and start using the most secure form of account protection available.

A passkey is a new way to securely log in to services without needing a password. A passkey uses a complex set of formulas to generate an extremely strong, and unique, key on your device, which means you don’t have to create and memorize a bunch of passwords. 

Hold the phone! How do you log in without a password? 

The trick to the passkey is that it’s stored on your devices, and only on those devices. When you use a passkey to log in to a system, you “unlock” it from your device. The most secure way to do this is with your biometrics, but sometimes you can use your device’s password or PIN as well. 

If this seems a little like waving a magic wand over how a passkey works, that’s because passkeys use public key cryptography, the science of which fills a series of upper-level computer science courses.

We guarantee that a passkey is much more secure than password2024 by several million factors.


Passkeys at Cornell

When you have a passkey set up at Cornell, services that use CUWebLogin are as easy as a touch. So instead of this:

Standard CU WebLogin page

followed by this:

A duo push screen

You can just touch your fingerprint reader and you’re in.

Do you notice something important with this option? If you don’t type your password into a web page, which can be (and has been) spoofed then you can’t get tricked into giving it to a criminal.


Speaking of security, hackers can’t steal your passkey

Your passkey exists in a highly encrypted file right on your computer. To unlock that passkey, you must unlock your computer personally. Remember, the most secure way to do this is through your face or your fingerprint (your biometrics). At Cornell you can also use your PIN or password (but only on Cornell-owned devices). 

A note about biometrics and privacy

Many people hesitate to use a fingerprint or face image for security purposes, fearing that someone will use the data to re-create their face or fingerprint.

Biometric data (the whorls of your finger and the details of your warm smile) stays on your device and cannot be stolen to recreate and impersonate your likeness.

To reiterate, your biometric data is never shared, transmitted, or stored with Cornell or a third party. Once again you have complex math to protect your biometric privacy

Shoutout to the mathematicians whose research invented the methods protecting our data. (Did you know that 40% of adults wish they’d paid more attention to math in school?)

Set up Secure Connect on your device

Cornell launched Secure Connect as Cornell’s passkey service. It only takes a few minutes to register your device and start using the most secure form of account protection available.

Passkeys aren’t just for Cornell

Because they’re so secure, more and more companies already offer you the option to log in with one. Banks, Google, tax services – anything that potentially stores valuable personal information – are better protected if you put your security directly into the palm of your hand.

Comments?

To share feedback about this page or request support, log in with your NetID

At Cornell we value your privacy. To view
our university's privacy practices, including
information use and third parties, visit University Privacy.