Wednesday, October 8, 2014 - 16:02

Passwords are one of the most important and least secure security protections we all use. Take a minute to think about how many sites you access with a password: Duke, Facebook, Twitter, Instagram, Gmail, Evernote, Apple, Amazon, Netflix, Twitch, your bank, and maybe a few others.  How many of those passwords are the same?  

 

In recent weeks, 5 million Google passwords were exposed and celebrity photos leaked online after a suspected iCloud breach. What would you do if your account password was stolen? What could an attacker do or see?

 

A 6-character password can be cracked in less than four minutes, and an 8-character password in a little more than a month.

 

While passwords are a challenge, they don't appear to be going away anytime soon.  So, how do you protect access to your accounts? This is where the concept of two-step or multi-factor authentication comes in. Multi-factor authentication is based on something you know (your password) and something you have (such as your phone or a hardware token like a Yubikey). If an attacker gets your password, they would still have to get access to that second “factor” to access your account.

 

Duke offers multi-factor authentication (http://oit.duke.edu/mfa) that can be used to secure your NetID and access to various web applications at Duke. More than 6,100 individuals have registered so far, and we would like to see everyone at Duke try the service out.

 

You can also use multi-factor authentication for accounts at institutions like Facebook, Twitter, iCloud, Evernote and Bank of America. Check out this guide for more information on services that use it: https://twofactorauth.org.

 

So what do you need to do about all those passwords you have? Next week we'll talk about how you can use LastPass to store and create different passwords for all your accounts.
 

Wednesday, October 1, 2014 - 08:59

Welcome to National Cyber Security Awareness Month 2014! Each year, the Duke University and Medicine security offices sponsor a number of events to promote security awareness, and we think this is our best year yet. 

 

From contests with great prizes (like Duke men’s basketball tickets and Google Chromecasts), to talks on web security, Windows security and cryptocurrencies, to giveaways at on-campus events, there are great opportunities for you to learn some easy ways to protect yourself and your information online.

 

Take our spot-the-phish quiz, find out more about upcoming events, and be sure to come see us at one of the sessions! Also, find out more about services you can use now to protect yourself and your information online, including multi-factor authentication and LastPass password manager, available free to Duke faculty, staff and students: http://security.duke.edu/calm.

 

Finally, we’d like to answer your questions about IT security. Email us your question at security@duke.edu, and you could win a free t-shirt. Be sure to check this blog each week in October, as we will post new information on easy ways you can protect yourself online. 

Wednesday, September 24, 2014 - 10:30

Looking to protect your home network or online accounts? This recent CNN story provides great tips -- based on advice from actual hackers -- to protect your phones, computers and information.

 

One example: Turn off your phone's wi-fi and bluetooth if not needed.  "If you keep Wi-Fi and Bluetooth active, hackers can see what networks you've connected to before, spoof them and trick your phone into connecting to Wi-Fi and Bluetooth devices that hackers carry around," according to the story.

 

Another good piece of advice is to use two-factor or multi-factorauthentication, a service that Duke offers free for faculty, students and staff.

 

The article also suggests using the tool HTTPS Everywhere, a browser add-on from Electronic Frontier Foundation that can be used to force HTTPS for any site that offers it, ensuring that your communications with that website are encrypted.

 

Check out the article for all seven tips, and contact us at security@duke.edu if you have any questions about computer or online security.

 

 

 

 

 

Pages