See Yourself in Cybersecurity

Multifactor Authentication

Two-Step Verification

Also alternatively known as two-step verification however, no matter what you call it, multi-factor authentication, or MFA, is a security measure that requires anyone logging into an account to navigate a two-step process to prove their identity. It makes it twice as hard for criminals to access an online account. When it’s available, always turn it on because it’s easy to do and greatly increases your security.

Not every account offers MFA, but it’s becoming more popular every day. It’s seen on many accounts that usually hold either valuable financial or personal information like banks, financial institutions, online stores, or social media platforms. Any place online that is storing your personal information (especially financial information), or any account that can be compromised and used to trick or defraud someone else should be protected with MFA. While Auburn University uses DUO for most multi-factor authentications, OIT strongly encourages all affiliates to utilize MFA for accounts that provides valuable personal information.

The latest MFA digital attack that has become popular is MFA fatigue, MFA Spamming, MFA bombing, however it is called, this is a technique used by attackers to flood a user’s authentication app with push notifications in the hope they will accept, enabling the attacker to gain entry to an account or device. Never accept a push notification that you did not initiate and immediately report this activity to OIT.

Week 1 Digital Scavenger Hunt:

Your password alone isn't enough,
you must use more to be up to snuff.
MFA prompts can be quite Fatiguing,
see if you find the third line intriguing.

Helpful Resources

Auburn and Duo

Digital Signage


Don’t Take the Bait

Phishing is when criminals use fake emails to lure you into clicking on them and handing over your personal information or installing malware on your device. It’s easy to avoid a scam email, but only once you know what to for when receiving an email.

Some quick tips on how to clearly spot a fake phishing email include:

  • Contains an offer that’s too good to be true
  • Language that’s urgent, alarming, or threatening
  • Poorly crafted writing with misspellings, and bad grammar
  • Greetings that are ambiguous or very generic
  • Requests to send personal information
  • Urgency to click on an unfamiliar link or attachment
  • Strange or abrupt business requests
  • Sending e-mail address does not match the company it is coming from
  • I’ve received a suspicious email -what should I do?

    You’ve already accomplished the most challenging part of recognizing an email as being suspicious and could be a phishing attempt. If the email came to your Auburn email, use the “Report Phishing” icon in Outlook, Outlook mobile app, or Outlook web app as quickly as possible. This ensure the suspicious email is sent to the OIT security team who will investigate and block others from receiving the email if it is part of a larger phishing expedition.If you received the email within your personal email address, do not click on any links (not even the unsubscribe link) or reply to the email and just DELETE it.

    Week 2 Digital Scavenger Hunt:

    You can’t see this fish from the bank
    you’ll have to visit Auburn’s PhishTank.
    For the next clue, who sent it to Stu?

    Helpful Resources

    The PhishTank Phish Awareness

    Digital Signage

    Password Management

    Use a Password Vault

    We’ve all probably used one password to secure multiple, maybe even all, of our digital accounts. But that’s not safe, and it becomes even more unsafe as time goes on. If your one password gets stolen because of a breach, it becomes a skeleton key for your whole cyber life. This compromised password can be used to gain access to all your accounts and your sensitive information.

    Password managers are pieces of software that often take the form of apps, and browser plugins or they might be included automatically in your browser or computer operating system. These programs store your usernames and passwords in a secure, encrypted database. When you need a new password, you can get a hyper-strong suggestion that is automatically stored in the password manager. With a few clicks, you can generate new, secure passwords that are long, unique, and complex. Now you only need to remember the single password that unlocks your password manager vault.

    Auburn University students and employees are strongly encouraged to sign up for LastPass -a free software manager available for Auburn users.

    Week 3 Digital Scavenger Hunt:

    Changing passwords makes remembering a pain,
    I forgot my last password again.
    If you can Manage, Stu will share with you.

    Helpful Resources

    How do I use LastPass?

    Digital Signage

    Build Strong Passwords

    Build Strong Passwords

    It is recommended that Auburn students, faculty and staff never use similar passwords in the event one is compromised. All passwords should contain three key building blocks: Long, Unique, Complex.

  • Long – Every one of your passwords should be at least 12 characters long.
  • Unique – Each account needs to be protected with its own unique password. Never reuse passwords – especially your Auburn password. This way, if one of your accounts is compromised, your other accounts remain secured.
  • Complex – Each unique password should be a combination of upper-case letters, lower-case letters, numbers and special characters
  • Excellent - If your password contains all three, you've achieved excellency.

  • Week 4 Digital Scavenger Hunt:

    If a password is Complex, Long, and Unique, it is Excellent.
    Got the clue? It’s easy to do.

    Previous Cybersecurity Awareness Campaigns

    2019 Campaign Icon 2018 Campaign Icon 2017 Campaign Icon 2016 Campaign Icon 2015 Campaign Icon 2014 Campaign Icon 2013 Campaign Icon 2012 Campaign Icon 2011 Campaign Icon 2010 Campaign Icon 2009 Campaign Icon 2008 Campaign Icon 2007 Campaign Icon