All new users will receive an email when their CCR account is ready for activation.  In order to activate your CCR account, you will need to select 1 authentication question and enter your answer to the question.  This will be used in the event that you forget your password and need to reset it.   You will also be asked to select a new password and agree to the terms of use as dictated by the University at Buffalo Computing Policy.  Account activation links Are TIME SENSITIVE!  The links in the new account activation emails are only valid for 24 hours!  If you do not activate your account within this time window, the link will not work.  Please contact CCR Help to request a new link.


You should see this page after clicking the Update button during the activation process.  If you don't, your account may not be activated.  Please contact CCR help if this happens to you.


The link you sent me doesn't work!

As stated in the section above, the links in the activation emails we send are only valid for 24 hours.  You will get a page that looks like this if your link is expired.  Please contact CCR Help to issue you a new link.

Occasionally these links do not work in Internet Explorer.  If you know the link is still active, please try using Firefox or Chrome on machines running Windows operating systems.  If it still doesn't work, please contact CCR help.

How do I know these emails aren't a phishing attempt?

This is a GREAT question and we strongly encourage users to question any type of email asking you to update account information or provide passwords.  We take security very seriously and will always take the following measures when communicating any account related changes with you:

1. All account activation email communication will be digitally signed using our PGP key:

2. Our website will always be updated with instructions and related information. Ensure you're viewing our website using a secure (https) link and verify that the SSL certificate is valid.

The email message sent to all CCR users has a PGP signature.  Pretty Good Privacy (PGP) is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication.  Some email clients will recognize the email is signed and give you options for verifying the PGP signature.  If your email client doesn't, you can login to one of the CCR servers and verify that the signature is authentic.  The steps for verifying this are below:

Save a copy of the email sent from CCR as a text file on one of the CCR servers (rush, presto, etc).

Import the CCR public key for comparison with the email text:

gpg --import /util/ccr/pgp/ccr_help_key.asc

gpg: key C1F7CD96: public key "CCR Staff <>" imported

gpg: Total number processed: 1

gpg:               imported: 1  (RSA: 1)

gpg: no ultimately trusted keys found

Check the key fingerprint (optional):

gpg --fingerprint  C1F7CD96

pub   4096R/C1F7CD96 2015-08-27 [expires: 2025-08-24]

      Key fingerprint = DFAD E01B C0CA 44C5 FDC2  26C9 781A AE84 C1F7 CD96

uid                  CCR Staff <>

sub   4096R/CE2FB3C2 2015-08-27 [expires: 2025-08-24]

Verify the signature in the email against the CCR public key:

gpg --verify <your_text_file>


NOTE: The WARNING message means the public key wasn't signed by a certificate authority (like SSL certifcates are) but this does not mean the signature is invalid.  It just means you should ensure you obtained our public key through a trusted source, i.e. our website or directly from rush (using scp).  CCR's PGP information can be found HERE.  For more information about PGP, check out this website.