Two-Step Verification
Also known as two-step verification, multi-factor authentication (MFA) is a security measure that requires anyone logging into an account to navigate a two-step process to prove their identity. It makes it twice as hard for criminals to access an online account. When it’s available, always turn it on because it’s easy to do and greatly increases your security.
Not every account offers MFA, but it’s becoming more popular every day. It’s most often seen on accounts that hold valuable financial or personal information, such as those at banks, financial institutions, online stores, or social media platforms. Any place online that stores your personal information (especially financial information), or any account that could be compromised and used to trick or defraud someone else, should be protected with MFA. While Auburn University uses DUO for most multi-factor authentication, OIT strongly encourages all affiliates to use MFA for accounts that provide valuable personal information.
The latest MFA attack to become popular is known as MFA fatigue, MFA spamming, or MFA bombing. Whatever it is called, it is a technique in which attackers flood a user’s authentication app with push notifications in the hope that the user will accept one, enabling the attacker to gain entry to an account or device. Never accept a push notification that you did not initiate, and immediately report this activity to OIT.
Week 1 Digital Scavenger Hunt:
Your password alone isn't enough,
you must use more to be up to snuff.
MFA prompts can be quite Fatiguing,
see if you find the third line intriguing.
Helpful Resources
Digital Signage
Don’t Take the Bait
Phishing is when criminals use fake emails to lure you into clicking on them and handing over your personal information or installing malware on your device. It’s easy to avoid a scam email, but only once you know what to look for when receiving an email.
Some quick tips on how to spot a phishing email include:
I’ve received a suspicious email - what should I do?
You’ve already accomplished the most challenging part: recognizing that an email is suspicious and could be a phishing attempt. If the email came to your Auburn email, use the “Report Phishing” icon in Outlook, the Outlook mobile app, or the Outlook web app as quickly as possible. This ensures the suspicious email is sent to the OIT security team, who will investigate and block others from receiving the email if it is part of a larger phishing expedition. If you received the email at your personal email address, do not click on any links (not even the unsubscribe link) or reply to the email; just DELETE it.
Week 2 Digital Scavenger Hunt:
You can’t see this fish from the bank
you’ll have to visit Auburn’s PhishTank.
For the next clue, who sent it to Stu?
Helpful Resources
The PhishTank Phish Awareness
Digital Signage
Use a Password Vault
We’ve all probably used one password to secure multiple, maybe even all, of our digital accounts. But that’s not safe, and it becomes even more unsafe as time goes on. If your one password gets stolen because of a breach, it becomes a skeleton key for your whole cyber life. This compromised password can be used to gain access to all your accounts and your sensitive information.
Password managers are pieces of software that often take the form of apps and browser plugins, or they might be included automatically in your browser or computer operating system. These programs store your usernames and passwords in a secure, encrypted database. When you need a new password, you can get a hyper-strong suggestion that is automatically stored in the password manager. With a few clicks, you can generate new, secure passwords that are long, unique, and complex. Now you only need to remember the single password that unlocks your password manager vault.
Auburn University students and employees are strongly encouraged to sign up for LastPass, a free software manager available for Auburn users.
Week 3 Digital Scavenger Hunt:
Changing passwords makes remembering a pain,
I forgot my last password again.
If you can Manage, Stu will share with you.
Helpful Resources
Digital Signage
Build Strong Passwords
It is recommended that Auburn students, faculty, and staff never use similar passwords, in case one is compromised. All passwords should contain three key building blocks: Long, Unique, Complex.
Week 4 Digital Scavenger Hunt:
If a password is Complex, Long, and Unique, it is Excellent.
Got the clue? It’s easy to do.