Safe Computing at Pitt - Your Guide to Staying Secure Online
Wednesday, July 10, 2024 - 15:55
It's crucial to prioritize the security of your digital life. Cybersecurity threats are real and ever-present, but with the right practices and tools, you can protect your personal and academic information. Here's a comprehensive guide to safe computing at Pitt.
Password Security
Your password is the first line of defense against unauthorized access. Your Pitt computing account password is how you log into nearly every service at Pitt, via the Pitt Passport single sign-on (SSO) service. You also have passwords for dozens of other sites and services, from your bank or Amazon to your favorite streaming and entertainment sites. Here are some crucial tips to keep your accounts secure:
- Don't share your passwords with anyone. Not even friends or family members. Don’t let anyone log into any of your accounts. Even people you trust can accidentally do something that compromises your password, so treat them like a state secret!
- Never log into your account on someone else's device. Public or shared devices are more susceptible to malware and unauthorized access. Even a friend or family member’s personal device may inadvertently store your password in its browser. Similarly, don’t let other people use your computer – kids, friends, and parents can all accidentally download malware.
- Three words: unique, long, and complex. You should never reuse a password on multiple sites. Your Pitt password should only be used for Pitt; your Amazon password just for Amazon. In addition, passwords should be at least 12 characters. They should include lower and uppercase letters, numbers, and special characters. A passphrase (!MyFavoriteAnima1sAreDo1phins!) can be easier to remember than random passwords; you can substitute some letters with numbers or characters (e.g., 1 for lowercase L, or $ for S).
- To help remember all your passwords, use Pitt Password Manager. This tool can generate strong, unique passwords for every account, and autofill them for you as you log into the sites. You only need to remember the master password for your Password Manager account.
Duo Multifactor Authentication
Pitt helps to secure your account by using Duo multifactor authentication (MFA). Duo MFA adds an extra layer of security by requiring a second form of verification in addition to your password. You can use Duo or site-specific dual authentication methods on many other sites. When you can enable MFA, do it! MFA combines something only you know (your password) with something only you have (your phone or your fingerprint).
Tips for Using Duo:
- Remember Me: You can set Duo to remember you for 24 hours when using the same browser on the same device. This means you won't have to authenticate every time you log in during that period.
- Reject Unauthorized Duo Pushes: If you receive a Duo push notification that you didn’t prompt by actively logging in to a service, deny it immediately! This is a sign that someone has your password and is trying to access your account. After denying the prompt, immediately change your password.
Security Training
All new students are required to complete security training. The training from KnowBe4 consists of short, fun videos that will provide you with essential knowledge and skills to protect yourself online. It covers how to spot a phishing email, social media risks, and other common tricks used by scammers and hackers. Make sure to complete it as soon as possible to familiarize yourself with Pitt's cybersecurity protocols! Just go to pi.tt/securitytraining.
Email Security
Phishing scams are a common method cybercriminals use to steal your information. Phishing emails can carry infected attachments, link to compromised sites, or encourage you to provide your secure and private information. Pitt employs several tools to help keep your email safe.
DMARC Email Validation: DMARC (Domain-based Message Authentication, Reporting & Conformance) helps to reduce phishing scams by validating that emails that appear to come from Pitt are actually from a legitimate Pitt email address (in other words, it detects spoofing).
External Flag: Emails sent to your inbox from outside of the University are flagged as being “EXTERNAL” in the subject line. Be wary of any email claiming to be from a member of the Pitt community or Pitt department that comes from an external sender.
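How the DMARC verdict and the EXTERNAL subject flag combine into a triage decision, as an added example (not Pitt IT's code or configuration). The gateway id `mx.example.edu`, the label names, and the sample messages are constructed assumptions; only a verdict stamped by the receiving organization's own gateway is trusted, since a sender can forge any other `Authentication-Results` header.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "pitt.edu"              # the university's mail domain
TRUSTED_AUTHSERV = "mx.example.edu"  # assumption: id stamped by our own mail gateway

def dmarc_result(msg):
    """Return the dmarc= verdict, reading only headers added by our gateway."""
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = value.partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue  # header written by another system: the sender could have forged it
        m = re.search(r"\bdmarc=(\w+)", results, re.I)
        if m:
            return m.group(1).lower()
    return "none"

def triage(raw):
    """Classify one raw message using the From domain, DMARC verdict and subject flag."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    from_org = domain == ORG_DOMAIN or domain.endswith("." + ORG_DOMAIN)
    external = "EXTERNAL" in msg.get("Subject", "")
    if from_org and dmarc_result(msg) != "pass":
        return "spoofed-domain"          # claims our domain but failed validation
    if external and not from_org and re.search(r"\bpitt\b", display, re.I):
        return "external-impersonation"  # outside sender using a Pitt display name
    return "external" if external else "internal"

def build(sender, subject, auth):
    """Assemble a constructed sample message (not real mail)."""
    return (f"From: {sender}\nSubject: {subject}\n"
            f"Authentication-Results: {auth}\n\nbody\n")

SAMPLES = {
    "spoof": build('"Pitt IT" <help@pitt.edu>', "Password reset",
                   "mx.example.edu; dmarc=fail header.from=pitt.edu"),
    "forged_header": build('"Pitt IT" <help@pitt.edu>', "Password reset",
                           "sender.example.net; dmarc=pass header.from=pitt.edu"),
    "lookalike": build('"Pitt Payroll" <payroll@mail.example.net>', "[EXTERNAL] Update",
                       "mx.example.edu; dmarc=pass header.from=mail.example.net"),
    "newsletter": build("News <news@example.org>", "[EXTERNAL] Weekly digest",
                        "mx.example.edu; dmarc=pass header.from=example.org"),
    "genuine": build("Registrar <registrar@pitt.edu>", "Enrollment dates",
                     "mx.example.edu; dmarc=pass header.from=pitt.edu"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:14} -> {triage(raw)}")
```

The `lookalike` sample passes DMARC for its own domain, which is why the EXTERNAL flag still matters: DMARC only protects the exact domain in the From address, not the display name.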
Key Points About Email Safety:
- Beware of Quarantined Emails: Occasionally, DMARC and other screening tools will quarantine an email as being spam or suspect. It’s very rare for a legitimate email to be quarantined or flagged as dangerous. You can release a quarantined email if it was legitimate, but be very cautious when doing so.
- Avoid Auto-Forwarding Your Pitt Email: Pitt has various tools that can identify large-scale phishing attacks. We can then remove confirmed threats from the mailboxes of everyone who received them. But we only have access to email on our servers. If you forward your email to Google Mail or another provider, there’s not much we can do.
Secure Your Network with Pitt's VPN
When you're accessing restricted services while off-campus, it's essential to use a Virtual Private Network (VPN) to secure your internet connection. PittNet VPN (Global Protect) ensures that your data is encrypted and safe from prying eyes, whether you're at a coffee shop or on public Wi-Fi.
Mark Your Calendars: Cybersecurity Fair – October 25, 2024
October is Cybersecurity Awareness Month, and Pitt hosts the Tech Fest & Cybersecurity Fair to help celebrate it. This event is an excellent opportunity to learn more about staying safe online, participate in workshops, and engage with cybersecurity experts … all while getting free swag, earning OCC credit, and being entered in amazing raffles. Don't miss it!
Stay Safe, Panthers
By following these guidelines and utilizing the tools provided by Pitt IT, you can significantly enhance your cybersecurity posture. Stay safe and secure, and best of luck with your studies! For more information on safe computing practices, visit the Pitt IT security website at technology.pitt.edu/security.
-- By Haree Lim, Pitt IT Student Blogger