The single most important thing you can do to help secure the University is to protect your own accounts.

Please follow these best practices to better secure your accounts.

  • Google letter G logo

    Google Two Factor Authentication

    The single most important thing you can do to help secure the University is to protect your own accounts. Please enable Google 2-Step Verification for your Cardinal Mail Google Workspace account now. Its use will become mandatory on January 5, 2022.

    Learn More

  • Protect Against Phishing

    Hackers use "phishing" to trick you into providing access to your personal and account information, by pretending to be someone you know and trust. There are steps you can take to protect against phishing attempts.

    Learn More →

  • Use a Strong Password

    Your Cardinal Credentials password is the first line of defense in protecting you and your University data from intruders.

    Select a Strong Password

    • Make your password at least eight characters--longer is better (try 14 or more).
    • Consider using a passphrase that is long but you can easily remember. Mix in numbers, uppercase letters and punctuation characters.
    • Abbreviate words.

    Example: “When=76itco-HumanEvents” (don’t use this one).

    Use Completely Separate Passwords for Each Account

    Be sure to always use totally different passwords for each of your accounts!

    Too hard to remember?

    Install and use a password manager app such as 1Password or LastPass. Apple users can use the built-in Keychain app. Choose one that offers at least 256-bit AES encryption.

  • Use Multi-Factor Authentication

    Enable multi-factor authentication or MFA for Cardinal Mail and any personal account you have that supports it (e.g., your bank, Paypal, Amazon, Apple, Google, Microsoft).

    Use Google 2-Step Verification

    Google's 2-Step Verification helps protect you by making it harder for someone else to sign in to your Cardinal Mail account. With 2-Step Verification, you provide your password, and another piece of security info. Even if someone learns your password, they won’t be able to log on if they don't have access to your security info.

    Learn more about 2-Step Verification for Google. And turn it on today!

    Use Duo Multi-Factor Authentication with University systems

    You will need to use multi-factor authentication with Duo to access certain University administrative applications and VPN remote access profiles.

    Learn more about Using Duo(Please log on with your Cardinal Credentials when prompted.)

  • Protect Your Computer

    Each computer that connects to any network should

    1. be configured to download and install operating system updates automatically,
    2. be running up-to-date antivirus software, and,
    3. if available in the operating system, have a software firewall enabled.

    Campus computers provisioned by Technology Services are configured this way by default.

    If you are a student who administers your own computer, make sure your computer is configured to do the same. Windows Defender Antivirus is built-in to Windows. Sophos Home Free is antivirus for Mac and PC that is free for personally-owned computers.

  • Protect Sensitive Data

    The safest place to work on University sensitive data is on your University-owned computer on campus. The safest way to work on administrative data is through the administrative system interface--do not download it into a file or another program.

    For employees working off campus, make sure your computer is protected as described above. Use VPN to connect to campus, and remotely connect to your campus computer to access administrative systems.

  • Read Email and Messages Safely

    Viruses and other malware are often delivered via email or messaging applications.

    Do not click on suspicious links or open unexpected file attachments that you may receive in messages.

    Hackers use Phishing to gain access to your personal and account information, by pretending to be someone you know and trust. Members of the university community can visit All about Phishing to learn more (please log on with your Cardinal Credentials when prompted).

  • Browse safely

    Visit only web sites of organizations and companies that you know and trust. Most spyware comes from visiting sites that contain malware.

    Consider installing an ad blocker add-in to your computer or mobile device web browser.

  • Install software safely

    On your personally-owned devices, download and install software only from the device’s app store (e.g., Microsoft Store, Mac Store, iOS App Store, Google Play Store), or directly from the software manufacturer’s website. Do not obtain software from other locations.

    Be sure to heed any warning messages generated by your device at install time so that you do not allow the app to have elevated access to your device or to its services unintentionally.

    Employees should submit a Technology Services request ticket if they need additional software installed on a campus computer. Do not install extra software onto a campus computer yourself.