Skip to main content
IT Service Status
IT Service Status

Staying Secure Together: Why Strong Passwords and Vigilance Matter More Than Ever

Posted Date: March 17, 2026

Cyberthreats targeting higher education are a constant reality. Attempts to gain access to University accounts happen around the clock, and they continue to grow in scale and sophistication. To stay ahead of these threats, Northwestern IT recently implemented several enhancements to strengthen our overall security posture and better protect University systems, data, and our community.

These updates are part of an ongoing effort to reduce risk and respond to the evolving cyber landscape. While many of the changes happen behind the scenes, some are visible to users—especially when it comes to passwords and account access.

What’s Changing—and Why

One of the most important updates is an increase in the minimum length required for NetID passwords. When resetting a NetID password, users will now be prompted to create a password or passphrase that is at least 16 characters long. Longer passwords are significantly harder to crack and provide stronger protection against common attack methods.

In addition, Northwestern has further enhanced protections around repeated failed login attempts. After five unsuccessful tries, accounts will temporarily lock for 30 minutes, helping to prevent unauthorized access while still allowing legitimate users to regain access shortly thereafter. The Duo “Remember me” feature will be updated as well and will remember users for a 24-hour window. As a reminder, on supported devices, biometric authentication methods (TouchID for MacOS and Windows Hello for Windows) and Yubikeys can be used as well. Learn more about adding these methods to your Duo.

Together, these measures strengthen our defenses while minimizing disruption—and they work best when everyone plays their part. Please also remember to never approve a Duo Mobile Verified Push code that you did not request.

Your Role: Proactive Steps You Can Take Now

Even if you haven’t been prompted to reset your password recently, now is a good time to take a moment and make sure your NetID password is strong, unique, and up to date. A few best practices can make a meaningful difference:

  • Use a strong, unique password or long, memorable passphrase. A phrase made up of several unrelated words is often easier to remember—and more secure—than a short, complex password.
  • Never reuse passwords. Your NetID password should be unique and not used for personal or other work-related accounts.
  • Consider a password manager. Tools like Northwestern’s approved password manager, 1Password, can generate strong passwords, store them securely, and even alert you if a password appears in known data breaches.
  • Keep your credentials private. No one at Northwestern will ever ask you to share your password or passphrase.
  • Log out fully when using shared or public computers.

Step-by-step instructions for updating your NetID password are available in the IT Knowledge Base, and the IT Service Desk is always available to help if you run into issues. You can contact the desk by calling 847-491-4357 (1-HELP), emailing consultant@northwestern.edu, or visiting the Evanston walk-in location in the University Library.

Security Is a Shared Responsibility

Protecting the University’s information is not just an IT responsibility—it’s a shared effort across students, faculty, and staff. Small actions, like choosing a stronger password or using a password manager, help reduce risk for everyone.

Cyberthreats aren’t going away, but by staying informed, vigilant, and proactive, we can continue to strengthen Northwestern’s security together. To learn more about protecting your information and identity or reporting a security incident, visit the Information Security Office’s website.