Cybersecurity Awareness Month - Multi-Factor Authentication

Dear members of the Puget Sound community,

As part of Cybersecurity Awareness Month, Technology Services is highlighting the importance of protecting your accounts by using multi-factor authentication (MFA).

Every Tuesday in October starting the 8th, stop by our booth in the Wheelock Student Center from 11:30 a.m. - 1:30 p.m. to get help with MFA on your university account, say hello, try a cybersecurity-themed puzzle, or snag a free sticker. Tired of waiting on a text message to log in to your account? Learn about using an authenticator app instead and get help switching over.

This week’s learning opportunity spotlight: Essentials for Securing Your Digital Life

Come find out if your cyber hygiene passes the sniff test! In this session, you’ll learn about four key behaviors to stay ahead of cybercriminals. We’ll dive into locking down your logins, keeping your devices fresh, and dodging social engineering scams like a pro. Don’t sweat it - these simple steps will help you secure your digital life!

The sessions will be offered on Zoom at these times:

• Monday, Oct. 7 at 3 p.m. - Register here
• Friday, Oct. 25 at 3 p.m. - Register here

This week’s security tip: Multi-Factor Authentication

Multi-factor authentication (MFA) is a simple but powerful security measure that adds an extra layer of protection to your online accounts. Instead of only relying on a password, MFA requires you to verify the login attempt through a second step, such as a one-time code or push notification to an app. This additional step makes it significantly harder for cybercriminals to gain access to your accounts, even if they manage to guess or steal your password.

Start by enabling MFA on important accounts such as banking and financial accounts, email, password managers, cloud storage accounts, and social media.

As the first line of defense in protecting your accounts, remember to create long passphrases (e.g., 17PenguinsDanced@Midnight ) and use unique passwords for each online account to minimize the risk of attackers having your credentials.

As the adoption of MFA grows, unfortunately, so do attackers’ attempts to bypass it. Below are common attacks to beware of.

• Proxy sites. Attackers create a fake website that mimics a legitimate login page. When you enter your credentials on the proxy site, it intercepts and sends them over to the real site, triggering MFA verification. However, the attackers are capturing your username, password, MFA code, and anything else you enter, thus giving the attacker everything they need to take over your account without raising suspicion. To protect yourself, always carefully examine URLs to ensure you are logging in to a legitimate site, not a convincing lookalike.
• MFA fatigue. Intended to annoy or overwhelm you into verifying a login attempt, attackers flood your device with MFA requests by repeatedly attempting to log in with your correct credentials. Always reject any authentication request that you did not initiate. If you experience this, change your password to stop the attack.
• SIM swapping. This attack is when cybercriminals trick your mobile carrier into transferring your phone number to a device they control, allowing them to intercept one-time codes sent via text message. Switching to an authenticator app instead of using SMS for MFA prevents this type of attack.
• Pretexting. By fabricating a convincing scenario, an attacker uses social engineering to trick you into sharing your MFA verification code. For example, an attacker tries to log in to your account but encounters MFA. You receive an email alert of a new login. The attacker then calls you pretending to offer technical support by stating they detected unusual login activity and need you to read the verification code back to them in order to help secure your account. Learning how to recognize scams will help you resist these attacks.

Ready to step up the protection on your personal accounts? You can search the 2FA Directory for services you use and easily find documentation on how to set it up.

Don’t get locked out! If you are able to add multiple MFA methods, such as on your university account, having a backup MFA method will prevent you from being locked out in case you cannot access one method (e.g., if you receive a text message with a code but your phone number changed). Alternatively, use an authenticator app such as Authy or Google Authenticator that allows you to backup your MFA data.

For more ways to get involved, please visit pugetsound.edu/CAM2024.

Thank you,

Technology Services

TS Service Desk
Walk-In Support: Tech Center in Collins Library
Phone Support: 253.879.8585
Online Help: https://support.pugetsound.edu/
Email Support: servicedesk@pugetsound.edu