Refreshing Your Account Security

UF Information Technology (UFIT) recommends evaluating the security of all of your online accounts. Strengthening your passwords for important accounts such as personal email, online banking access, and social media can protect you from some of the most damaging hacks. 

It is extremely important to use a different password on each site, so hackers can’t use passwords stolen from one account to break into your other accounts. One strategy recommended by security professionals is to use a “passphrase” made up of four or more random, unrelated words. Surprisingly, this is a stronger password than one made up of random letters and characters and is much easier to remember!  UF requires strong passwords for GatorLink account credentials. A common misconception about your GatorLink credentials is that you can’t use words found in a standard American dictionary as your password. But if your password is longer than 18 characters, then words are allowed. So, the next time you update your UF credentials, consider using a passphrase.

UFIT also recommends setting up multi-factor authentication (MFA) on your non-UF critical accounts. MFA solutions for external applications work like how Duo Mobile works at UF: your mobile device generates a one-time access code that you enter to access the account. By configuring MFA on your accounts and using the ‘Authenticator App’ option when doing so, you add an extra layer of security even if hackers compromise your password. All mobile devices can store MFA codes in the same Duo Mobile app you already use for UF. Alternatively, Apple devices can store those MFA codes in iCloud Keychain, where they will sync and autofill across your personal devices (including Windows via the iCloud application).

Beyond MFA, some companies now offer support for passkeys. A passkey uses an on-device verification mechanism, such as Face ID or a screen lock passcode, to verify your identity and allow access to an online account. Passkeys by design are more secure than passwords and provide protection against phishing, because they don’t require you to remember anything! Check out this demo to discover how passkeys work and visit the Passkey Directory for a list of websites that support passkeys today. 

Taking steps to secure your accounts is an investment in protecting your identity, money, and online image and reputation. For more information on creating secure passwords: 

Simple Changes to be More Cybersecure

Checking the age of your passwords and reviewing an email link or attachment before opening it can go a long way in protecting yourself from a cyber attack. It’s the world we now live in, so here are some reminders that could save you a lot of heartache and financial and/or identity problems:

1. Check before you click.
Never click on links or open attachments without inspecting the email first. With the enormous volume of malicious emails created and sent every day, being cautious is crucial. Always hover over the email address and look for signs of a scam.
2. Protect and update your passwords.
When was the last time you updated your passwords? Experts recommend updating them every 60 days! Not only should you update passwords, but you should use a passPHRASE. The longer your passwords are, the better.
3. Never leave your electronic devices unattended.
As tempting as it is to ask someone to watch your laptop while in Marston, don’t take this risk. Always take your portable items with you, even if it’s just “for a minute” while you are at the reference desk.

For more ways to be cyber aware, read the Psychology of Phishing story on UFIT News or visit the Information Security Office website.