Skip to main content
more options

How to Choose a Strong NetID Password

Cornell's password complexity rules help ensure that everyone's password stays safe. When you choose or change your NetID password, it will be checked to ensure that it complies with the rules listed here.

Use at least 8 characters, including at least three of the following four character types:

  • Uppercase letters
  • Lowercase letters
  • Numbers
  • Symbols found on your keyboard, such as blank spaces, or ! * - () : | / ?

Do not include:

  • Personal information, such as your NetID, names or nicknames of people, pets, or places, your address, birthday, or hobbies
  • Unchanged dictionary words, including recognized names such as "Cornell"
    For example:
    • Unsafe: hippopotamus
      Safer: H*P@ptmZ
    • Unsafe: refrigerator
      Safer: rFRgr8Tr.
    WARNING: Do not use any of the example passwords shown here.
  • Repeated characters, such as AAA or 555
  • Alphabetic sequences, such as abc or CBA
  • Numeric sequences, such as 123 or 321
  • Common keyboard sequences, such as qwerty or pas
  • Simple substitutions such as zero for the letter o.

Use Cornell’s password strength checker to make sure all your passwords are strong. Go to netid.cornell.edu, and click Do you have a strong password?

Passphrases: Making Complex Passwords Easier to Remember

Some people find creating a password that is associated with a phrase (a passphrase) easier to remember. By virtue of its length, a passphrase is stronger than a password. The drawback to using passphrases is some services do not support long passwords.

  1. Pick a phrase that is at least 4 words long. A passphrase could be:
    • A line from your favorite song
    • The punch line of a joke
    • A sports chant, or anything else!
  2. Add complexity. Create a set of rules for your passphrase, such as:
    • Capitalize the first letter of each word
    • Add punctuation
    • Truncate words—the more nonsensical, the better!
      • Change the word bloom to BM (obvious) or B^^ (less obvious)
      • Change the word spring to sPRg (obvious) or S*G! (less obvious)
    • Keep spaces or replace them with a symbol or number
    • Use letters or symbols to represent at least one word
    • Replace letters with symbols or numbers
  3. Apply the rules to all of your passphrases. For example:
    • If your passphrase is:  flowers bloom in spring
      After you apply complexity, it might be: flwrrZbl*mNsprg!
    • If your passphrase is:  basketball hoops have nets
      After you apply complexity, it might be: BktBhP5v.Ntz