What is Password Management?
Your password protects you from unwanted access to your accounts. In combination with your userid, your password verifies who you are and also grants you access to protected resources.
Learn how to make your password long and strong in order to protect your account and ways to keep your password safe from hackers.
Having a password phrase makes it easier for you to remember your password without making it easier for somebody to guess or hack.
What is multi-factor authentication?
Multi-factor authentication (MFA) is a security measure that offers an additional level of protection for accessing your personal information and sensitive university data by requiring an additional form of identification at login.
How does it work?
MFA at Kent State works by using something you know, your password, with something you have, a mobile device.
You will not receive an alert every time you log in!
Kent State’s MFA uses a multitude of variables to monitor the security of your login before sending an alert.
When something about your login is unusual, you will receive an alert message with a request to verify that you are trying to log in. If the unusual activity is, in fact, you, simply acknowledge the alert and carry on. However, if someone else is trying to log in to your account, the alert lets you deny them access.
Before setting up MFA, please read the following:
Use a laptop or desktop computer to complete the initial set-up.
Have your mobile device with you during set-up to scan a QR code and install the mobile app.
During set-up of the mobile app, you will need to allow access to your mobile device's camera when asked.
How to Set Up MFA
When a victim of a phishing scam, it's common practice for the hackers to change your signatures, forwards, filters, and other settings.
- A signature for an email is text that is automatically inserted at the end of an email. It is usually something you choose to set up and you decide when it gets inserted. Many people set it up to include their name and contact information.
- Forwards can be set up to automatically forward to another email address. You can specify if you want all emails forwarded, or only specific kinds.
- Inbox rules/filters can be used to automatically delete anything in your sent box, inbox, etc.
Learn how to check for these changes in the following clients:
Secure Your Devices
While mobile devices such as laptops, phones, USB flash drives, etc are convenient and allow data to be more accessible, they also come with a risk. If the device is lost or stolen, you can lose your data. Any private data on the lost or stolen device is at risk of becoming public, potentially exposing any client or employee data that might be stored on the device and exposing them to the risk of identity theft.
TIPS AND BEST PRACTICES
- Always lock your computer and mobile phone with a password or passcode, and never share your computer with others
- Always lock your room room/office whenever you’re away
- Never leave your computer or mobile device(s) unattended in public areas, even for a few minutes
- Don’t leave your devices in an unlocked vehicle, and never leave it in plain sight, even if the vehicle is locked
- If you must leave your devices in a vehicle, the best place is hidden in the trunk
- Carry your devices in a nondescript carrying case, briefcase, or bag when moving about
- Apply distinctive paint markings (such as indelible markers) to make your laptop unique and easily identifiable
- Only place sensitive information on a mobile device if it is absolutely necessary
- If you must store sensitive information on a mobile device, consider using encryption, a way of scrambling the data so that only somebody with the appropriate key can read it
- Back up your information using cloud-based storage or on portable media such as a flash drive or other backup media
- Protect yourself on public wireless networks
- Turn off your wireless and location information
- Avoid accessing sensitive accounts, such as your banking or credit information, while on public networks in order to prevent anyone from gaining access. If you need to log onto sensitive accounts, log onto Kent State University’s VPN to use a protected wireless network
Don't know how to connect to Kent State University's secure VPN?
WHAT TO DO IF YOUR DEVICE HAS BEEN STOLEN
The user will need to report the theft to the police. In order to file a complete report, the user will need to have the make, model, and serial number of the stolen device. If the user does not have this information, they can contact the device manufacturer.
If the theft occurred on a Kent Campus:
- Kent State University Police Department
- Stockdale Building
- 530 E. Summit St. Kent OH 44242
If the theft occurred in Kent, Ohio:
- Kent City Police Department
If the theft occurred elsewhere:
- The user needs to contact their local police department
- If you had any sensitive information on the device (such as credentials for accounts, personally identifiable information, financial information, etc.), it is recommended that you change your passwords as well as request your accounts to be flagged/monitored.
- If the device has any work or client information, the your employer and/or client should be notified immediately.
- Contact the device manufacturer so that they can make a note that the device has been stolen in case the thief tries calling support.
Internet of things (IoT)
These devices can be ordinary things that have the ability to connect to the internet. Some examples of these could be your home thermostat, smart refrigerator, smart watch, baby monitor or a smart TV. IoT devices may be connected to the internet constantly, without needing to be interacted with. In order to protect your data, protect the IoT, which in a constantly connected home, should be protected by a secured network!
Securing your network
Most home wireless networks (Wi-Fi) are controlled by your internet router or a separate dedicated wireless access point that broadcasts wireless signals. This means that securing your wireless network is a key part of protecting your home and everyone and everything in it. Wi-Fi can extend way beyond the walls of your house or apartment. If you share your Wi-Fi password with friends, guests, etc... that means they can connect anytime they pass by. Before long, a lot of people know your Wi-Fi password and connect to your router, and then have access to your home network.
Whether it’s a smartphone, laptop, desktop, tablet or any other internet-connected device, the tips and resources below will help protect your technology and secure your personal/work data.
Own your online presence/footprint - Every time you sign up for a new account, download a new app or get a new device, IMMEDIATELY configure the privacy and security settings to your comfort level for information sharing. REGULARLY check these settings at the minimum once a year, to make sure they are still configured properly.
Cybersecurity basics - Keep your software up to date! Use passwords on all your devices and apps. Make the passwords at least 12 characters long, using numbers, symbols, and capital and lowercase letters. Make the passwords unique to only that device or app. Never share your passwords or store them physically (such as on a sticky-note or in a notebook).
Secure your accounts - Set up multi-factor authentication (MFA) on any account that allows it, and never disable it.
Secure your home network - Make sure that you have changed your router login’s default username and password, as they are easily found online. Always keep WPA2 enabled to ensure the best security for the devices on your network. Use a strong wi-fi sign-in password. Keep your router’s firmware up-to-date on a regular basis. This will ensure that you have the latest security updates.
Treat your work data/information as personal information. University data includes employee personally identifiable information (PII) through tax forms and payroll accounts and so much more. DO NOT share PII with any unknown parties or over unsecured networks.
Social media is part of the cybercriminals toolset. By searching Google and scanning your organization’s social media sites, cybercriminals can gather information about you, your friends,family,vendors, as well as human resources and financial departments. You should avoid oversharing on social media and should not conduct official business, exchange payment, or share PII on social media platforms.