This article, part of Penn State's ongoing Secure Penn State series, explores steps to keep personal information safe online, including enrolling in two-factor authentication, creating strong passwords and setting security questions to manage passwords.
To help keep information safe, Penn State faculty, staff and students are encouraged to take the following steps. Additional information about each step is located below.
- Enroll in Penn State’s two-factor authentication service at http://identity.psu.edu/services/authentication-services/two-factor/self-service-portal.
- Choose strong passwords for online accounts.
- Set Penn State security questions at work.psu.edu/password.
1) Enroll in two-factor authentication (2FA)
Online adversaries come in many forms, but perhaps the most sinister are those looking to steal personal information and intellectual property, such as financial records and research data. A security measure called two-factor authentication (or 2FA) allows Penn State faculty, staff and students to add an extra layer of protection when using University systems and services to help secure various types of personal and institutional information.
Sign up for 2FA now: Visit this link to get started.
In a traditional, single authentication system, each user is asked to provide only a user ID and password to verify his or her identity. While a password provides a minimal level of protection from those looking to steal data, a single authentication system is not as secure because there is no other information needed to successfully sign in.
Two-factor authentication, on the other hand, requires an identification component in addition to a user ID and password. This component — typically a passcode sent to a user’s mobile device by text or desk phone by voice — is something the user possesses, rather than only something remembered. Since this component is a physical piece of the authentication process, it is very difficult to duplicate and therefore much less vulnerable to theft.
Penn State faculty, staff and students have several device options for enrollment in the two-factor authentication service, including smartphones, tablets and desk phones, and can enroll in the service now by visiting http://identity.psu.edu/services/authentication-services/two-factor/self-service-portal. The two-factor authentication service will be enabled for many University systems and services in the coming months.
2) Create strong passwords
Enrolling in two-factor authentication isn’t the only way to keep personal and Penn State information secure. Passwords are one of the most common forms of protection used today, and having strong, unique passwords is essential to minimizing exploitation of information.
It can be easy to pick a birth date, anniversary, child’s name or pet’s name as a password, but because this information might be publicly available these types of passwords are easily cracked. Even passwords containing words found in the dictionary are susceptible to “dictionary attacks,” a method of breaking into a password protected computer or server by systematically entering every word in the dictionary as a password.
While it can seem daunting to choose a strong password without using easy-to-remember information, relying on a series of words and using memory techniques, or mnemonics, can make even the most complex-looking password easy to remember. Choose a phrase that’s unique and familiar just to you and combine the first part of each word, mixing at least 15 numbers, characters and letters. Using the mnemonic approach makes it much easier to create a unique password for each account, which prevents attackers who may guess one password from being able to log in to multiple systems.
Keep in mind that creating and using strong passwords does little to protect personal information if those passwords are not kept confidential. It may seem harmless to share passwords with trustworthy people — friends, family and significant others — but the more people who know this information, the higher the chance of these passwords falling into the wrong hands. Because passwords are a popular target for attackers, the best way to help keep them secure is by making sure only authorized users know them. Passwords do no good if the information is volunteered, and using such devices as cell phones, tablets and laptops without having password protection enabled makes the job that much easier for attackers.
3) Set security questions for your Penn State Access Account
Taking a few moments to set security questions allows Penn State faculty, staff and students to easily reset their passwords if lost or forgotten from any Internet connection. If security questions are not set, users may be required to visit the Accounts Office at University Park or a campus signature station to reset their passwords, which could impede their ability to conduct course work or other University business.
Set your security questions now: Faculty, staff and students are strongly encouraged to set their Access Account security questions by visiting http://work.psu.edu/password.
For additional information and tips about keeping your Penn State information safe, visit http://sos.its.psu.edu/.
The United States Computer Emergency Readiness Team — which leads efforts to improve the nation's cybersecurity preparations, coordinates cyber information sharing and proactively manages cyber risks to the nation — also offers advice about common security issues at https://www.us-cert.gov/ncas/tips.