Most users today have to keep track of many passwords, sometimes dozens: for Cornell resources (NetID), online banking, e-commerce sites such as eBay or Amazon, and other websites.
University policy forbids using your NetID password for other sites, and using the same password for all of these sites is a poor security practice, so multiple passwords are a requirement.
Ideally, you would have a unique strong password for each of the following:
It does not matter how complex your password is if other people can find it. Your password should always be kept private. If you keep a list of passwords stored on your computer, encrypt it.
The most secure way to store and manage passwords is to use one of the many available password storage utilities. These utilities allow you to create one very strong password that is then used to encrypt and store all of your other passwords.
Obviously, the more passwords you have to use, the greater the temptation to write them down to ensure they are remembered. If you need to write down a password, make sure it is not clear which account it belongs to. For example, do not write down the URL for your bank with your password written next to it. Instead, either write down the password without listing what it belongs to, or pick a word or phrase that will remind you of your bank without being obvious.
Also, don’t use "remember password" utilities in your web browser or email client. They make it easy for someone to log in to your accounts if they gain access to your computer.