There are some simple practices that would help prevent one from falling victim to phishing scams and nefarious spam emails.
- Beware of 'Scare Tactic' mail informing you of account revalidation processes or quota limits. if you are not sure contact customer service directly and not via the reply option.
- Never click on unknown email links.
- Be Wary of email attachments. (Possibly scan all attachments before opening them)
- Don't get trapped by enticing 'Parcel delivery', 'Prize Winnings' , 'Purchase Order' or 'Work Opportunity' email notifications
- Always pay attention to the 'Reply To' address on emails that purport to be from a known sender.
- Never respond to offensive or spam emails.
- "NEVER" respond with personal identifiable information such as UserID's, Passwords, DOB, SSN, Address, Password Recovery Information.
Why does my MIDAS password have to be so complex?
Monarch-Key allows access to a wide range of web services using MIDAS credentials, including MyODU portal, email, and dozens of other ODU services.
The ability to access a wide range of service with a single account provides many benefits including:
- Reduction in the number of accounts/passwords users must remember
- Greater security of personal and private information
- Easier access to ODU resources via systems integration
In turn, the MIDAS password rules and complexity must meet the requirements of many systems. ODU's password practices (MIDAS password length, complexity, and rotation frequency) all blend together to adhere to industry standards and meet the requirements for identity assurance certification.
ODU takes the security and privacy of our student's information seriously; in order to have a less complex password that is still secure, the length of the password would have to increase or the frequency of change would have to be made shorter. Therefore, we strive to balance these aspects and ultimately deliver a secure yet user friendly computing environment.
Personal Computing Password Guidelines:
Passwords Should Not:
- be an alphabetic series either forwards or backwards, i.e., ABCDEF or FEDCBA.
- be a numeric series, either forwards or backwards, i.e., 123456 or 654321.
- be a string of all identical letters or numbers, i.e., AAAAAA or 111111.
- be a common keyboard shortcut, i.e., ASDFG or QWERTY.
- be your name or userid, or any variation thereof, such as your name or userid spelled backwards, with mixed case letters, etc.
- be a word(s) that can be easily associated with you, such as the name of your spouse, child, pet, favorite football team, or literary character.
- be a common word that you might find in a dictionary.
Choose Strong Passwords:
- Create a password that is at least eight characters long.
- Combine the first letters of each word of a phrase to produce the password.
- Include at least one symbol or number in the password, but preferably not just one at the end.
- Use a varying combination of lower and upper case letters in the password.
Maintain Password Security:
- Using different passwords on each account you have.
- Changing your passwords at regular intervals.
- Never writing your passwords down.
- Never sharing your password with others.
- Never post personnel or sensitive information on a social site.
- Be careful how much information you share in your profile.
- Keep in mind that when you access applications or games on a social site, you are often giving complete strangers access to you and your friend's profiles.
- Be careful clicking unsolicited links inside social sites.
Facebook, MySpace, Twitter, and others are the leaders in today's online social networking sites. Social networking sites are a social utility that connects people with friends and others who work, study and live around them. People use social networking sites to keep up with friends, upload a number of photos, share links and videos, and learn more about the people they meet. Yet an increasing number of people are being harassed, having their identity stolen, and legal actions brought against them. Below is a helpful list of things to beware of while using these sites and precautions to take to ensure your security.
The Three Steps in Online Social Networking Safety:
If you wouldn't post it on a resume don't post it on the net.
Before you enter that room to get that high paying job you might have already lost it. Numerous employers and scouring the internet and social networking sites to see what they can find out about potential employees. If you have inappropriate pictures, belong to inappropriate groups, or a number of other things this could severally dampen your chances of receiving that job you wanted. Be sure to check the appropriateness of your page and keep in mind you never know who is looking at it.
Sensitive information is for your eyes only
A rising number of people are exposing sensitive information on social networking sites. Many don't realize that what they post can be read by people they don't know, and the information on their sites can be used maliciously and for identity theft. If you have sensitive information such as mother's maiden names, social security numbers, credit card numbers, or others do not post them on the site or send them to anyone else.
Remember safety is always your first concern
Although Facebook does offer a wide variety of safety settings it is still your number one concern to be cautious when using it. Remember that people you don't even know could gain access to your page and see and revealing information that you may have. Don't post home addresses, telephone numbers, or any other identifying information. Another good tip is to remember just because you deleted from your page doesn't mean it's gone, someone could have downloaded or kept your information somewhere else. Safety is and always should be everyone's number one concern.
Wireless internet (Wi-Fi) networks are available in a variety of public places; this offers convenience but it's important to know that wireless connections may not always be safe. Many public Wi-Fi spots are not secured and users are at risk of exposing sensitive information and data inadvertently.
First and foremost, reduce your computer's vulnerablity by ensuring that your operating system patches and firewall software are up-to-date before you connect to any wireless network.
The information you send over an unsecured Wi-Fi network is not encrypted. Always keep that in mind when decided what information you are sending. A user should always know what network you are joining. In an Evil Twin attack, a user is tricked into joining an imposter network that mimics the authentic public access network. Once the user joins, the attacker can easily intercept sensitive information.
- Be aware that data sent through a unsecure Wi-Fi network is sent in the clear and can be intercepted.
- Wireless data is not limited to just the range of your computer. Hackers can increase their range by using amplified antennas to intercept the signal from greater distances.
- Be cautious about the wireless network you join. Wireless networks that require a network security key or password protect the information sent over the secured networks as the information is encrypted.
- Be careful about what information you are sending. You should never send personnel information such as a user id, password, banking information, or credit card numbers.
- You should disable shared folders if you are not using that resouce; file and printer sharing enables computers on the same network to access resources on your laptop, leaving your laptop vulnerable to hackers.
Protect yourself and your hardware/software while you are connected to the internet.
Securing Your Computer
The possibility exists that your computer could be compromised by an online attacker or virus. We offer this information as a guide to protecting your computer and your data. You are responsible for updating your computer.
The first thing you need to do is install and frequently update a good antivirus program. Please learn how to maintain anti-virus software on your computer. If you need assistance with this process you can contact the ITS Help Desk.
Through ODU's site license program with McAfee, you may download this antivirus software for free. This software can be downloaded with your MIDAS ID and password HERE.
Obtaining the software is only the first step. It is only effective if it is always running and data files are current. If properly configured, the McAfee Antivirus Client will automatically update daily. If your version is out of date, you can manually update it by right clicking on the icon in the system tray and select Update. This will update to the latest version of definition files.
Keeping Windows patched with the latest critical updates is extremely important; these patches close vulnerability holes in your computer. Microsoft frequently releases critical updates that help minimize security risks.
Windows has a feature called "Automatic Updating". This feature retrieves these updates as they become available.
ResNet recommends that you manually go to the Windows Update website to update your Microsoft Critical updates. You may want to install "recommended patches" that are listed. Always install the critical updates. This may require rebooting and going back to the site several times until it says there are no more critical updates to perform.
First, let's define what a firewall is, and why you would need one.
Consider a firewall just like a fence between neighbors. You can use the preset gate to go back and forth through the fence. Things you don't want on your side won't get through to your side (dogs, cats, small children) without being able to access that gate. When your computer uses the internet, it uses specific "ports" to transfer data through; a firewall can block access to unnecessary ports while only allowing "specific" programs pass through the firewall. You do want to allow certain programs to access the Internet but you may not want other programs to serve data to the Internet.
A firewall prevents others on the Internet from seeing and "port scanning" your computer for open ports to exploit. Critical updates can help close these vulnerabilities but a firewall will block all ports except the ones you authorize to use in order to operate your computer. As programs need to use the Internet, the firewall program will prompt you for permission to use the Internet. You can grant one time use to test or permanently allow it to use that port. If a program on your computer wants to act as a server to provide data to someone else it will also ask if you want to allow it to act as a server.
If you are not sure whether or not to allow this, then search the "Google" web site (www.google.com) for .exe program wanting permission to open the port. Properly configuring a firewall is essential to keep hackers and viruses from gaining access to your computer. You can prevent spy-ware programs from sending data back to their servers by not allowing that program to act as a server. If the world cannot see your computer because you have a firewall, they will move on to someone else that has open ports to exploit.
So what is available to you? If you use Windows, the easiest way to protect your computer is to enable the built in Internet Connection Firewall. If you prefer something more powerful or don't have Windows, you can purchase or sometimes freely download a third party firewall program. Prices for these programs vary, but are usually under $50 for a good one. If you choose to use one of the other programs to protect your computer then you will need to rely on the manufacturer for support.
All computers should have a password for access.
Here are recommendations for creating a "strong password":
- It should be at least 7 characters long, the longer, the better
- Try to use UPPER case and lower case letters, as well as other symbols and numbers
- Has at least one symbol character in the second through sixth position
- Use at least four different characters (don't repeat letters/numbers)
- It should look like a random sequence of letters and numbers
Here are some tips for what NOT do when creating a password:
- Don't use ANY PART of your log on name for your password
- Don't use any actual word or name in ANY language
- Don't use numbers in place of similar letters
- Don't reuse any portion of your old password
- Don't use consecutive letters or numbers like "abcdefg" or "234567"
- Don't use adjacent keys on your keyboard like "qwerty"
Microsoft also recommends changing your password at least once every six months. While you might find it nearly impossible to create a password to conform to all of these rules, that is not really the goal. Use this as a guide to get an idea of what to create. As always, with any password; don't write it down or give it to anyone. ITS Acceptable Usage Policy prohibits sharing your MIDAS password with anyone else.