Week 3: Account Safety
Keeping your account credentials safe is critical. If an attacker obtains access to your password, they gain access to your data, including your email, files, personal information, and even your money!
In addition to creating strong, unique passwords for your accounts, you should also use 2-Factor Authentication (2FA) wherever possible. Whereas a password is something that you know, 2FA is a second method of proving your identity with something you have access to.
With 2FA enabled, after you authenticate with your password, you will be prompted to prove your identity with an additional step. For example, when using 2FA with Duo, you can choose to receive an SMS message, a Push notification to the Duo app on your cell phone, or even a phone call to retrieve an access code. You would enter the random code provided to complete the login process. Services such as Amazon, Google, GitHub, Facebook, and Twitter are some of the applications that have enabled the use of 2FA. You can check if your service providers offer 2FA by visiting twofactorauth.org.
UIC uses UI Verify (the University of Illinois Duo 2FA implementation) to protect access to applications that store sensitive data, such as Nessie/HR Services and Banner. For more information on UI Verify, please visit verify.uillinois.edu. UIC will continue to expand the list of applications protected by UI Verify.
Reasons why you should use 2FA:
In case your password is compromised:
- Bad actors will not be able to authenticate to your accounts protected by 2FA unless they have access to your cell phone or authentication code/token.
- 2FA notifications can actually alert you that someone is attempting to log into your accounts with your credentials.
- 2FA would temporarily protect your account until you can change your password.
In case you log into a phishing site:
- Fake sites cannot trigger an active request for your 2FA code. If you realize you have logged into a phishing site, immediately change your password.
- Beware of login pages that ask for your UIC NetID, password, and 2FA code on the same page.
Account Safety Tips:
- Use 2-Factor Authentication whenever and wherever possible.
- Beware of where you enter your password — watch out for phishing sites (we talked about this in week one).
- Change your password to a completely different password at least once a year, or whenever you suspect it might be compromised. If a bad actor already has part of your previous password, they only have to guess the few additional characters or increment the numbers.
- Never log into a device you do not own without clearing out your credentials before you log off.
- Use a private browsing session whenever possible to automatically remove credentials when you finish.
- Consider using a password manager to help you create and securely store strong passwords.
Check if services you use support 2FA by visiting twofactorauth.org and follow the directions to enable 2FA for your account.
Learn more about how to manage your passwords with a password manager by visiting:
Remember, don’t “show your cards,” or accidentally “stack the deck” in favor of the bad actor. Stay safe and “shuffle the deck” — Change Your Password!