On Thursday, April 7, 2016, OIT will begin rolling out two-factor authentication to certain online SMU systems, starting with the personal information section of my.SMU. The two-factor authentication will be handled by a third party called Duo Security.
Category: Security Awareness
Phishing Alert: Information Update
There is a phishing attempt circulating which requests that you update your MySMU portal information. This is not legitimate. Please do not click on the link or provide your credentials. If you have done so, please change your password immediately at smu.edu/password.
Protect Yourself: Methods to Protect your SMU Accounts and Data
We’ve all been there. After a long busy day in classes you rush to print out that big project at the library. Your class is just five minutes away, so you rush away without logging off of the public computer. We always like to think of our fellow classmates as trustworthy and caring people, but with security breaches on the rise, it’s best to take every precaution possible when using your SMU account.
News articles constantly talk about “hackers” gaining passwords to an individual’s account. One of the most recent victims was none other than CIA director John Brennan. The high-schooler that “hacked” Mr. Brennan’s personal AOL account didn’t really use any hacking or technical expertise to get access to the account; he just simply acted as if he was Mr. Brennan during a fake technical support call. Many other examples include nefarious individuals simply calling people asking for their passwords. This makes it extremely important to keep your personal information private and to never offer it to others.
The best way to keep your SMU information yours is to always fully log out of any services you use when you’ve finished using them. Always log out completely from any public computers on or off campus to prevent anyone from walking up and accessing your information. Most public computers on campus are set to completely wipe any information saved on them when restarted. Restarting the computer, if possible, would be the most secure option.
Here’s a few other quick tips that can make your account more secure:
- Use a PIN or touch pattern to lock your smart phone or tablet. The longer and more complex the better!
- Use a password manager like LastPass, 1Password or KeePass to save your passwords securely and to generate random and secure passwords automatically.
- NEVER give your password to anyone, even if asked by someone saying they provide technical support.
For example, the SMU Help Desk will never ask you for your password, so if anyone claims they are from SMU and asks for your password, end the conversation and contact the Office of Information Technology immediately! - Don’t leave your personal devices logged on and unattended. Not only could the devices be physically stolen, but the perpetrator can also steal your information. If you must leave your device, make sure it’s at least locked.
By following these tips, you can help make your information even safer from the threat of cyber attacks. If you have any questions on how to stay secure, call the Help Desk at 214-SMU-HELP or drop us a line at help@smu.edu.
Thinking of Using SMU Email for Your Marketing? Think Again.
With over 11,000 students available to you through the Outlook address book, you might think this is a great group to market your services or product. They are SMU students. You are an SMU student. You have that natural connection and why wouldn’t they like the bag you designed on Etsy that is perfect for Boulevarding. Or maybe you speak four languages and really could help that struggling student in German – if they only knew you were available. The problem occurs when you click that send button. At that point, your email becomes a violation of SMU policy and that can cause problems for you.
As George Finney, Chief Security Officer at Southern Methodist University, explains, “This is a violation of our bulk email policy and it also uses SMU resources for a commercial venture… As a non-profit, SMU’s tax-exempt status requires us to not allow this.” If you are found in volition, OIT will prevent further email distribution by you, and block access from campus to any 3rd party email address listed in the message. You basically get marked as a spammer. Also, your account will be reviewed and if further action is warranted, it will be taken.
If you have questions about email policy, please feel free to contact the Help Desk at 214-768-HELP. For more information on University policies, please review the official University Policy Manual at smu.edu/policy.
New Logins for My.SMU and Employee.SMU
Very soon, OIT will be adding my.SMU and Employee.SMU to our list of sites using the secure Shibboleth login. For those not familiar with Shibboleth, it is a software solution that provides Single Sign-On (SSO) service, allowing you to gain access to web resources both inside and outside SMU after logging in just one time. Shibboleth also allows websites, such as Concur and Lynda, to grant access to their online resources. This is all done securely and in a way that preserves your privacy. We have used Shibboleth to authenticate to external sites for some time, but my.SMU and Employee.SMU are two of the most widely used SMU sites to begin using the Single Sign-On service.
The Shibboleth Login
When you log in to my.SMU, you will see the new my.SMU portal. Upon clicking the Login button, you’re directed to the Shibboleth login page. You use your SMU ID and password to log you in. You will be able to move freely between the services without having to log in every time, as long as you are in the same browser.
Once you log out, you will need to exit (Alt+F4 for Windows) or quit (⌘+Q for Mac) out of the browser – not just close the tab or window – to end your session.
Don’t Bookmark It
Please, do not bookmark the Shibboleth login page. The Shibboleth login page ONLY works if you are sent to it by a web service or application. It requires information from the originating web service to know where to go after you log in. You should bookmark the site you are trying to access (smu.edu/lynda for example) rather than the Shibboleth Login Page.
Find Out More
For more information about Shibboleth, please see the Shibboleth service page at www.smu.edu/OIT/Services/Shibboleth.