Tag Archives: security

Bobbing For Credentials: What An Suspicious Email Could Mean

Let’s play a little situation out here today. So you’re getting ready for the day and you decide to check your email. Then you see something that catches your eye. “IMPORTANT INFORMATION FOR UW STUDENTS!!!” It reads, so you open it because it’s in bold and begging for your attention. It reads something along the lines of your account has a problem with it and you need to sign in to fix the error. There’s a link highlighted in blue, you click on it and it brings you to a sign in page that looks 100% identical to any old UWYO sign in page. But you notice that the URL in the search bar doesn’t look right at all. There’s no .edu in it at all. It looks like a garbled mess of characters and symbols. But you figure this is a special occasion right? So you enter your credentials just like normal but to your surprise, you get a 404 error or something similar to it.

You’ve become a victim of what is called a Phishing email. That basically means that your account credentials have been stolen. Luckily for you, our UWIT Security Team has put some safe guards in place to know when someone is logging in that isn’t you. But that doesn’t guarantee the safety of your account. So if this happens to you and even if you’re not sure if you gave your credentials out or not, Call the Help Desk anyways at 307-766-4357 option 1 and we can help you protect your account and make sure it’s safe!

Why Can’t I Connect This?! (Internet Troubles)

So you’ve successfully moved in and gotten everything plugged in. But now you can’t add your smart TV or Chromecast to the wifi because you can’t sign in like normal. What gives? How does one add their devices to the wifi without the proper security settings to allow you to sign into your uwyo account?

Thankfully there is an easy workaround. You simply need to purchase a WiFi router. That way your devices can connect to the router because it doesn’t require the same security as does our wifi. If you can hardwire the router into it, you’re good to go! You just need to make sure you secure your router with a good password so that nearby students don’t try to piggyback off of it.

If you’re not sure what router to purchase, you may need to do some homework on it. Keep in mind that despite what your router may say about its speed, it still is dependent on your ISP (Internet Service Provider). If they can provide a good internet connection and good speed, then you’re golden and your router can get to those speeds it boasts about. However, that usually is not the case so bear that in mind when purchasing a router.

As always, if you do have difficulty with setting any of this up, you can always bring it into the service center or call the help desk for troubleshooting! Have a great day everyone!

Google’s Two Factor Authentication. What It Is And Why You Should Do It.

security

If you’ve never heard of two factor authentication, it’s simply an added login step to ensure security on your account by using a trusted device such as a smartphone or a tablet. When you initially log in, you’ll be prompted for a verification code in most instances, that number is pushed to a trusted device (your phone) and you enter that number that was given to you and bam, you’re logged in. Seems pretty simple right?

But unfortunately, so many people simply refuse to enroll in these security measures simply because they don’t want to wait for a verification code and enter it so they usually opt-out of this. Google has started offering this and for very good reason. Google has so many different services such as youtube, gmail, google drive, docs, sheets… I could go on for a while. You don’t want some random person in a random country gaining access to all that do you? Granted some may not use all these services, and while others may rely more on it it’s still important to protect your account. If you want more information from Google’s end on this, go here.

Luckily google has made it VERY easy to secure your account. You have 3 options: USB Authentication, Text Code and simply pressing “yes” on a trusted device. The choice is up to you on how you want to authenticate but in case if any of you were wondering how on earth verification works via USB, its pretty simple actually and my preferred method of login. Yubikey supplies special USB keys that are cheap (depending on the model) that when you plug it in, it registers that key so when you log in next time, you simply plug in the USB Key and press the key icon and your in!

Finally you have the option to mark a computer as trusted so that you won’t have to use two factor on it again. Just make sure you don’t use it on public computers that others use!

That was today’s helpful tip, if you like what we do here, go ahead and subscribe to our blog and follow us on Facebook and Twitter!

The Heartbleed Bug – Maybe Time to Update Your Passwords

As you have probably heard, there is a very prevalent hole in the security of heartbleedmany secured websites (the ones that say https:) called The Heart Bleed Bug. The Heart Bleed Bug posed a huge threat because it could steal information that was protected by SSL/TLS encryptions. More information on the details of the virus can be found on the Heart Bleed website. If you were affected you probably received an email from the affected company explaining the impact and telling to change your password.  You want to make sure the bug is fixed on a site before you change your password or you may still be at risk.  Here is a list of common sites, whether they were affected, and if they have fixed the bug and it is safe to change your password.

While you are changing passwords, now is a great time to look at best practices for passwords and tools to make managing them easier.

Most of us without knowing it are making mistakes when it comes to security online. The easiest one is saving of passwords to browsers. It is so easy to just save your password to Facebook so all you have to do is go to the website and you are ready to stalk your friends. However, This practice is dangerous since the browser either does not encrypt the passwords or the encryption is stored right next to the password making it far too easy to decipher. An easy way to fix this butheartbleed 2 still have benefit of not having to type your password every time is using a password vault such as Lastpass and Apple’s iCloud Keychain.

These programs take your security to the next level in a couple different ways. The first is all your passwords are different! They require that you log into the heartbleed 3program with one password then it creates different passwords for all your saved sites. This is great for you since now all you have to do is remember one password (which most of us already do) and you don’t have to add weird variations (password1, Password1*, passWord11**, etc.). Another great thing about Lastpass and iCloud Keychain is that it secures all your data because it creates strong and unique passwords that you don’t have to remember.

Complex, unique passwords for each site and you don’t even have to remember them!  Makes it so much easier to be secure on the Internet.