Computer security includes the use of secure passwords for your network, e-mail and other confidential access points.

Passwords must never be written down or recorded. Users should never share or divulge their password to anyone. Each user is accountable and responsible for any action taken with their username and password. No Cornell employee or administrator should ever ask a user for their password, and even if they do, the user should not reveal it to anyone, no matter how plausible the reason. Any password that is known or suspected to be compromised must be changed immediately.

Password Selections

Strong passwords are required for employees and students and must:

  • Contain at least 8 characters
  • Contain at least 3 of the following character types:
    • Upper alpha (ABC)
    • Lower alpha (abc)
    • Numeric (123)
    • Special character (/ [ - = + ! # $ etc)
  • Not contain a keyboard pattern such as "qwerty"
  • Not contain a repeating character sequence such as "aaa"
  • Not be similar to your current password
  • Not be similar to your logon name
  • Not be similar to your name
  • Not be similar to any of your recently used passwords

Password Expiration

Passwords issued for temporary IDs, password resets, and locked out IDs are all reset to expire immediately. The recipients of temporary passwords will then be forced to change their passwords at their first login opportunity.

A suggestion is to create a strong password phrase and then develop your password from it. That may be easier than trying to remember a random combination of characters. For example, "One of the Nation's Best, One Course At A Time" might yield the following password: oNB1c@T. This password meets the strong password criteria of 8 characters, upper and lower case, numerical, and symbols. And as you can see, "One of the Nation's Best, One Course At A Time" is a lot easier to remember than oNB1c@T.