Wednesday, October 29, 2014 - 10:09

As national Cybersecurity Awareness Month draws to a close, be sure to take our spot-the-phish quiz to be entered in the final drawing for a Google Chromecast and four Duke men’s basketball tickets.


Also, all Duke faculty, staff and students are encouraged to take these actions to protect themselves online:

  • Enroll in and use multi-factor authentication. This provides an additional layer of security when logging in or performing transactions online. Also known as two-step verification, multi-factor authentication requires a user to log in using a password and randomly generated code. Register for the service on the OIT website:
  • Sign up for LastPass. The premium password management service is free for Duke users and saves passwords to an easy-to-use vault. Browse for LastPass under "Security & Networking" on OIT's software site:


We'll select winners from among all Duke community members who have taken the phishing quiz, enrolled in multi-factor authentication and signed up for LastPass. Winners will be announced on this blog next week.


Questions? Email Happy October!

Wednesday, October 22, 2014 - 15:20

Stolen laptops and mobile devices rank as one of the top security issues for Duke students.


Prey, anti-theft tracking software available free for up to three devices, can help locate a lost or stolen phone, tablet or laptop.


With Prey, you can remotely locate, lock, wipe and recover a device by logging into a web platform where you also can sound an alarm or show an on-screen message to let the thief know you’re after him.


The big difference between Prey and a service like "Find my iPhone" is that Prey will run on iOS, Android, Windows, Mac OS X, and Linux. We have seen at least one case at Duke where Prey was used to help recover a stolen laptop.  


If your device is stolen, access your account for information to provide to the police.


We highly recommend installing Prey on personal devices, but if you want to run it on a Duke-owned device, please check with your IT support first. Download Prey at

Wednesday, October 15, 2014 - 16:15

Last week we talked about using multi-factor authentication to protect access to your accounts. Even with multi-factor enabled for your Duke and other accounts, it's also important to consider how you are securing your passwords for those sites. Take a look at the top 25 worst passwords for 2013. Is your password "password" or "letmein" or "princess?" If so, now's a good time to change it.


But how do you keep track of different, strong passwords for each account you own? One method would be to write them down, but that's not always a good idea, because what happens if the piece of paper or sticky note is stolen? Another might be to store them in a Word document or Excel spreadsheet. But what happens if an attacker (or your kids) gets access to your computer?  


From a security perspective, LastPass is a great alternative to the challenge of managing and storing unique, random passwords for each site you visit. Duke offers a premium upgrade for LastPass free to all faculty, staff and students. With LastPass premium, you can create an encrypted password “vault” that stores all your passwords; change passwords for existing accounts to long, strong passwords; automatically fill in the user account and password when logging into sites; and audit your passwords with LastPass's “security check” to identify areas where you can improve your online security.


You can download LastPass free from Duke OIT’s software site: