Understanding Passkeys
Passkey login is currently the gold standard for logging in with the most security. Now available to all faculty and staff.
This article applies to: Secure Connect
Cornell launched Secure Connect as Cornell’s passkey service. It only takes a few minutes to register your device and start using the most secure form of account protection available.
A passkey is a new way to securely log in to services without needing a password. A passkey uses a complex set of formulas to generate an extremely strong, and unique, key on your device, which means you don’t have to create and memorize a bunch of passwords.
Hold the phone! How do you log in without a password?
The trick to the passkey is that it’s stored on your devices, and only on those devices. When you use a passkey to log in to a system, you “unlock” it from your device. The most secure way to do this is with your biometrics, but sometimes you can use your device’s password or PIN as well.
We guarantee that a passkey is much more secure than password2024 by several million factors.
Passkeys at Cornell
When you have a passkey set up at Cornell, services that use CUWebLogin are as easy as a touch. So instead of this:
followed by this:
You can just touch your fingerprint reader and you’re in.
Speaking of security, hackers can’t steal your passkey
Your passkey exists in a highly encrypted file right on your computer. To unlock that passkey, you must unlock your computer personally. Remember, the most secure way to do this is through your face or your fingerprint (your biometrics). At Cornell you can also use your PIN or password (but only on Cornell-owned devices).
A note about biometrics and privacy
Many people hesitate to use a fingerprint or face image for security purposes, fearing that someone will use the data to re-create their face or fingerprint.
Biometric data (the whorls of your finger and the details of your warm smile) stays on your device and cannot be stolen to recreate and impersonate your likeness.
To reiterate, your biometric data is never shared, transmitted, or stored with Cornell or a third party. Once again you have complex math to protect your biometric privacy.
Shoutout to the mathematicians whose research invented the methods protecting our data. (Did you know that 40% of adults wish they’d paid more attention to math in school?)
Set up Secure Connect on your device
Cornell launched Secure Connect as Cornell’s passkey service. It only takes a few minutes to register your device and start using the most secure form of account protection available.
Passkeys aren’t just for Cornell
Because they’re so secure, more and more companies already offer you the option to log in with one. Banks, Google, tax services – anything that potentially stores valuable personal information – are better protected if you put your security directly into the palm of your hand.
Comments?
To share feedback about this page or request support, log in with your NetID