Cybersecurity Awareness

Online Safety and Best Practices

Do

  • Use strong passwords and change them often.
  • Use antivirus software for your computers.
  • Hover over hyperlinks in messages to verify they direct you to the expected site before clicking.
  • Verify unusual requests from UMBC, your bank, or friends by contacting them directly using a trusted number.
  • Keep your apps, virus protection, and all other software up to date to ensure optimal security.
  • See something, say something. Forward suspicious messages in your UMBC email to security@umbc.edu 

Don’t

  • Use the same password (or very similar ones) across multiple accounts.
  • Respond to suspicious emails, direct messages, or other forms of correspondence.
  • Click any links in an unsolicited email, even those claiming to unsubscribe you.
  • Trust offers that seem “too good to be true”– they probably are.
  • Share personal information via email or on sites that do not start with “https” or lack a “lock” icon.
  • Download files or apps from unknown sources to avoid malware risks.

NOTE: UMBC will never prompt you to give a username or password except through its official WebAuth Site.

Password Best Practices

Simple measures like passwords often don’t receive the attention they deserve. How many of us use just one or two general passwords for all our accounts? Considering the potential trouble if these were compromised highlights the importance of account security. It’s always better to be safe than sorry, so now is the perfect time to reevaluate how you protect your accounts. Here are some tips to help reduce the risk of your account being hacked:

  • Install Duo. Duo is a two-factor authentication application available at UMBC to help protect your account. For more information, visit https://wiki.umbc.edu/display/faq/Multi-Factor+Authentication+with+DUO. Two-factor authentication is currently one of the most effective ways to secure your UMBC (or any other) online account.
  • Change your password periodically: Regular password changes are theoretically a good idea because they ensure someone can’t acquire your password and use it to snoop on you over an extended period of time. For example, if someone acquired your password they can log-in as you and monitor your private conversations as well as use your identity to send unwanted emails. 
  • Don’t use simple passwords: Avoid consecutive keyboard combinations such as “qwerty” or “1234”. Do not use personal information such as your name, date of birth, age, pets name, etc. 
  • Use a combination of letters/number/characters: Use at least 8 characters of numbers, letter, and/or symbols. A lot of sites include a password strength analyzer. Use this tool to create a strong combination to obtain the safest password. You can also make it fun! For example, the password “2B-or-Not_2b?” is a strong combination of letters, numbers, and symbols that says “to be or not to be”. 
  • Manage your passwords: It’s already hard enough trying to remember all of your passwords, but when you have to constantly reset your password it gets annoying. It’s okay to write your passwords down as long as they’re in a secure place. You can also use online tools to manage your passwords. 
  • Logout: A lot of times we forget to logout when we’re in a public place. Make sure to logout every time you step away from your computer. The next person to gain access to your computer can easily gain access to your accounts.