Create complex passwords in the form of a passphrase that is at least 12 characters long, combines letters, numbers, and symbols, and is unique to each site. Don’t forget to change passphrases regularly! 

Need help managing all your passwords? A password manager automatically stores your passwords in a secure, encrypted database, can autofill them when you arrive at a site, and can help you generate a strong password when needed.

A good password is:

• Long – At least 12 characters 
• Unique – Never reuse passwords. Each account needs its own unique password. 
• Complex – Use a passphrase consisting of a combination of upper- and lower-case letters, numbers and special characters. Some websites will even let you include spaces.

In addition to saving your passwords, a password manager will also protect your identity, notify you of potential phishing websites, and alert you when a password has potentially become compromised. There are many different free or paid password managers available for personal or business use. Some examples include: 

Free Password Managers

• NordPass  
• LogMeOnce
• Proton Pass
• Bitwarden 

Subscription Password Managers

• Keeper 
• 1Password  
• Dashlane
• LastPass        

In the cyber world, MFA stands for multi-factor authentication. Multifactor authentication is a security measure that adds an extra layer of protection by requiring users to provide more than just a password to access an account or application. 

The university has already enabled DUO multi-factor authentication on all major university accounts and services in order to ensure your accounts are as secure as possible. Whenever possible, we recommend turning on two-factor authentication for additional accounts, such as social media accounts, private email accounts, Microsoft360, or LinkedIn. The more factors you use, the better your security.

Keep your computers, tablets, and smartphones updated with the latest security patches and antivirus software. 

When downloading a software update to your personal or professional device, be sure the update is coming from the company that created the software. Hacked, pirated or unlicensed versions of software often contain malware or cause more problems than they solve. To ensure the legitimacy of the update, visit the update page or settings page in the application that you are updating.

The easiest way to ensure your programs and applications are updated regularly is to turn on automatic updates within the program or app settings and make sure you accept all updates when prompted.

Never click on any links, attachments, or email addresses within the suspicious message. Forward the message only to IT Central.

How to Spot a Phishing Scam:

• Do you recognize the sender?
• Were you expecting an email from the sender?
• Is it a strange or abrupt business request?
• Does the sender’s email address match the person asking for a response?
• Does it stress an urgency to click on hyperlinks or attachments?
• Does it come through an unusual channel, such as a job offer via text?
• Does it contain an offer that’s too good to be true?
• Does it include language that’s alarming or threatening?
• Is the greeting ambiguous or very generic?
• Does it ask you to send personal information, passwords, or MFA codes?

To Report a Scam:

• Click the radio button on the right of the email 
• Select “Report Phishing” to alert Google
• You can also select “Block Sender” if you are certain that the message is malicious. Never forward or click on any links or email addresses within the suspicious message.
• You should also contact IT at itcentral@newschool.edu to report the suspected phishing scam and allow the IT team to investigate and block any additional phishing attempts.
• Once you have reported the message to IT Central, please delete the message.