What To Do When You Get a New Device

Did you get a new laptop or smartphone over the winter break? You’ve invested in a new device so take the time to ensure it is cyber-secure and prepared for your campus life needs. Here are three steps to prioritize before you spend your life on that new device:

  1. Whether you plan on donating or reselling your old device, before doing so, back up all data into a secure cloud or drive to keep it safe and private, so it’s available when needed. According to Wired, you should wipe all of your old device’s data by factory-resetting your device (an option in your device’s settings options) to safeguard your information from falling into the wrong hands.  
  2. Set up the new device for use with DUO to approve GatorLink logins. Also, configure your device to eduroam to have the fastest internet available on campus. 
  3. When creating a password or PIN for your new device, don’t even think about using ‘1-2-3-4’ or ‘2-5-8-0’, Gators! If possible, avoid saving personal login info and payment details because if you do, cyber criminals can easily steal these if they hack into the device.

Visit https://security.ufl.edu/protect-yourself/protect-my/mobile-device/ for more tips on keeping your devices and information secure.  

MFA Bombing On the Rise at UF

MFA bombing attacks are increasing at UF. MFA bombing is a tactic used to circumvent your UF account’s multi-factor authentication measures. During an MFA bombing, the attacker uses your stolen username and password to repeatedly send ‘Duo Push’ notifications and/or phone call requests, hoping after multiple notifications you will give up and approve the Duo request. Approval will give the attacker access to your GatorLink account. If an attacker can MFA bomb you with repeated Duo requests, it means your GatorLink password is compromised and the attacker is trying to sign in using the stolen password.

To stop the onslaught of Duo attempts, you’ll need to reset your GatorLink password. Visit the GatorLink Account Management portal, select “Forgot/Reset Your Password,” and follow the prompts after selecting “Self-Service Reset.” You will be asked to provide your UFID, Gatorlink username, and additional information used to verify your identify.

It is important to use “Forgot/Reset Your Password,” and not “Change Your Password,” because the latter requires you to sign in–and you may accidentally approve the attacker’s Duo Push instead of your own requested notification!

The Duo requests should stop soon after resetting your password. (It may take a few moments for the attacker to get kicked out.) For more information on MFA bombing, visit UF’s Information Security website’s MFA bombing page.