Managing your Password

CAC has a password policy in effect. Manage (reset/change) your CAC password here: Manage CAC password. Each password must have at least eight characters and must contain at least three of the following four elements:

  1. uppercase letters
  2. lowercase letters
  3. special characters
  4. digits

Your password can be set or changed on any of the CAC login nodes, and the password will be updated on all CAC resources. Passwords expire every six months. Do not share your password. There are more detailed instructions below.

Rules for creating passwords

Do not share your password. Each user should be the only one to know the password for his or her account. Well-chosen passwords are essential to preserve the integrity of the system and individual user accounts. Never leave your password in plain text (unencrypted) in any of your files. Passwords stored in this way are easily stolen.

When you change your password, the new password must comply with our password complexity policy:

  • Each password must have at least eight characters.
  • Each password must contain at least three of the following four elements among its first eight characters:
    • uppercase letters (English, A through Z)
    • lowercase letters (English, a through z)
    • special characters (for example, !, $, #, %).
    • digits (0 through 9).
  • Do not use a space in a password. Though technically allowed, it may be a source of confusion.
  • Do not form a password by appending a digit to a word--this type of password is easily guessed.
  • Each password must differ from the user's login name and any permutation of that login name. For comparison purposes, an upper case letter and its corresponding lower case letter are equivalent.
  • New passwords should differ from the old by at least three characters.

If you need additional ideas for creating a new password, Cornell IT has a password generation recipe.

Locked accounts

There have been instances in which user accounts have been locked. Some common causes of locked accounts and the solutions are:

  • Mistyping your password several times in a row.
    Solution: Wait about a 1/2 hour and then try again. Be sure that your caps lock key is not on!
  • Trying to login to a Windows login node by using SSH when you have a new or expired password.
    Solution: Login to a Windows login node using Remote Desktop Connection or SSH to a linux login node.
  • Failing to log off all other sessions connected to login nodes.
    Solution: Log off all remote connections. Disconnecting the sessions is not enough.
  • Failing to disconnect locally mapped drives to the CAC file server before changing your password.
    Solution: Disconnect all locally mapped drives, wait a 1/2 hour until account is unlocked, and then re-map the drive with the new password.

If you can't log on or can't wait you can submit a Password Reset ticket on our issue tracking system.