Skip to main content

Cornell University

Manage Passwords Safely

This article applies to: Security & Policy

On This Page

Keeping your personal information, Cornell sign-in credentials, and important data safe means protecting your passwords. Anyone with active online accounts encounters dozens of passwords used to access Cornell resources, personal online banking, e-commerce sites, and other websites. Below you will find some guidelines for how to manage your passwords safely.

Be aware that University Policy forbids using your NetID password for any other sites or services, and it is poor security practice to use the same password for more than one site—so multiple passwords are a requirement.

Create unique, strong passwords

Make sure your passwords are:

  • Long (the longer, the better)
  • Complex (upper and lowercase letters, numbers, and special characters)
  • Unique (easy to remember, but difficult to guess)

Use one password for your Cornell NetID, and different passwords for each service you want to keep secure, such as personal device logins, online banking sites, or other key personal matters.

To read more about creating strong passwords, visit Strong Passwords for Your Computer, NetID, and Other Cornell Services.

Make your sign-ins more secure

  • Use multi-factor authentication. At Cornell, the standard is two-factor authentication, also known as Two-Step Login.
  • Don’t reuse a password across multiple sites or services. For example, don't use your Cornell NetID password for personal banking, shopping, or social media.
  • Avoid participating in social media surveys. Surveys that want to know the street you grew up on, your favorite pet’s name, or other personal trivia are actually collecting information you might have used in security questions—so don’t participate.
  • Similarly, don’t include personal information within a password. This includes favorite songs, movies, hometown, a pet’s name, and so on.
  • Change all temporary or default passwords on accounts or IT equipment. Always create a unique, strong password when opening a new app account or getting started with a new device. Never leave the default in use.
  • Check to see if you’ve been “pwned.” Online resources like Have I Been Pwned can show how widespread data breaches might be affecting your identity, underscoring the need to protect your passwords from malicious users.

Consider using a password management app

Password management apps can help you store and manage many passwords. They allow you to create one very strong password (typically called a master password or master passphrase) that is used to encrypt and store all other passwords.

For example, you may choose to manage passwords with LastPass, which Cornell has licensed as an optional service for students, faculty, and staff.

Avoid writing passwords down

Writing down passwords is not recommended. If you must write down a password, then:

  • Keep written passwords locked away in a file cabinet, desk drawer, or other secure location; be aware of who else may have access to or knowledge of those locations.
  • Never write down the URL of a service and the password for that site together; make sure anyone else reading it would have no idea which account it is associated with. For example, if you had a money bank shaped like a cat when you were a kid, you might write “cat” next to your bank password to help you remember what the password is for.
  • Add or change one or more of the characters in the password that only you know and memorize it; when you’re typing it simply remove or type the correct character(s).
  • Always enable two-factor authentication on websites, wherever available, so that if your password is stolen, there will be an additional layer of security.

Comments?

To share feedback about this page or request support, log in with your NetID

At Cornell we value your privacy. To view
our university's privacy practices, including
information use and third parties, visit University Privacy.