The single most important thing you can do to help secure the University is to protect your own accounts.
Please follow these best practices to better secure your accounts.
Google Two Factor AuthenticationThe single most important thing you can do to help secure the University is to protect your own accounts. Please enable Google 2-Step Verification for your Cardinal Mail Google Workspace account now. Its use will become mandatory on January 5, 2022.Learn More
Use a Strong Password
Your Cardinal Credentials password is the first line of defense in protecting you and your University data from intruders.
Select a Strong Password
- Make your password at least eight characters--longer is better (try 14 or more).
- Consider using a passphrase that is long but you can easily remember. Mix in numbers, uppercase letters and punctuation characters.
- Abbreviate words.
Example: “When=76itco-HumanEvents” (don’t use this one).
Use Completely Separate Passwords for Each Account
Be sure to always use totally different passwords for each of your accounts!
Too hard to remember?
Install and use a password manager app such as 1Password or LastPass. Apple users can use the built-in Keychain app. Choose one that offers at least 256-bit AES encryption.
Enable multi-factor authentication or MFA for Cardinal Mail and any personal account you have that supports it (e.g., your bank, Paypal, Amazon, Apple, Google, Microsoft).
Google's 2-Step Verification helps protect you by making it harder for someone else to sign in to your Cardinal Mail account. With 2-Step Verification, you provide your password, and another piece of security info. Even if someone learns your password, they won’t be able to log on if they don't have access to your security info.
Learn more about 2-Step Verification for Google. And turn it on today!
You will need to use multi-factor authentication with Duo to access certain University administrative applications and VPN remote access profiles.
Learn more about Using Duo. (Please log on with your Cardinal Credentials when prompted.)
Protect Your Computer
Each computer that connects to any network should
- be configured to download and install operating system updates automatically,
- be running up-to-date antivirus software, and,
- if available in the operating system, have a software firewall enabled.
Campus computers provisioned by Technology Services are configured this way by default.
If you are a student who administers your own computer, make sure your computer is configured to do the same. Windows Defender Antivirus is built-in to Windows. Sophos Home Free is antivirus for Mac and PC that is free for personally-owned computers.
Protect Sensitive Data
The safest place to work on University sensitive data is on your University-owned computer on campus. The safest way to work on administrative data is through the administrative system interface--do not download it into a file or another program.
For employees working off campus, make sure your computer is protected as described above. Use VPN to connect to campus, and remotely connect to your campus computer to access administrative systems.
Read Email and Messages Safely
Viruses and other malware are often delivered via email or messaging applications.
Do not click on suspicious links or open unexpected file attachments that you may receive in messages.
Hackers use Phishing to gain access to your personal and account information, by pretending to be someone you know and trust. Members of the university community can visit All about Phishing to learn more (please log on with your Cardinal Credentials when prompted).
Visit only web sites of organizations and companies that you know and trust. Most spyware comes from visiting sites that contain malware.
Consider installing an ad blocker add-in to your computer or mobile device web browser.
Install software safely
On your personally-owned devices, download and install software only from the device’s app store (e.g., Microsoft Store, Mac Store, iOS App Store, Google Play Store), or directly from the software manufacturer’s website. Do not obtain software from other locations.
Be sure to heed any warning messages generated by your device at install time so that you do not allow the app to have elevated access to your device or to its services unintentionally.
Employees should submit a Technology Services request ticket if they need additional software installed on a campus computer. Do not install extra software onto a campus computer yourself.