Did you know that 58% of organizations suffered account takeovers in 2023? According to Infosecurity Magazine, phishing used to harvest credentials was behind 79% of these takeovers. Such staggering numbers highlight the importance of safeguarding our usernames and passwords.
Strong and unique passwords are your first line of defense. Multifactor Authentication (MFA) adds an extra layer of security. Finally, you must ensure you only put your credentials into legitimate login screens. All three tactics play a crucial role in combating social engineering. They make it significantly harder for attackers to gain unauthorized access.
Protect with passwords
At Yale, you can protect your identity by not sharing your NetID and NetID password with anyone. Our NetID and password confirm who we are and grant us access to most applications. We must keep these credentials safe to prevent unauthorized access to confidential, important data. Think about the systems you log into every day. What confidential information are you trusted with that you gain access to via your NetID and password? This information is why keeping our Yale NetID passwords secure is critical.
Think of your Yale credentials like the keys to your house. You wouldn't give your keys to just anyone and risk a break-in, and the same is true with your sensitive Yale login information. Individuals with strong passwords create a better first line of defense than those with easily guessable or predictable passwords.
Passwords based on something other than common words or patterns are harder for cybercriminals to crack. Strong passwords are complex and not easily guessed. These typically include combinations of uppercase and lowercase letters, numbers, and special characters.
Enable multifactor authentication (MFA)
Strong passwords are the first step to keeping our accounts and data safe. Multifactor authentication (MFA) provides extra protection when logging into your accounts.
Most of us are familiar with MFA because we use it at Yale. Yale implements Duo MFA to require a second factor, like a mobile device, to verify your identity. You can also set up MFA for your personal accounts to take the extra step to protect your identity and data.
Be forewarned that cybercriminals can and do use MFA against us in phishing and other attacks. To keep your accounts and data safe, only approve MFA requests when you are logging in to Yale IT Systems. This helps prevent the cybercriminal tactic called MFA fatigue, in which the attacker repeatedly sends MFA requests to the victim's phone or other registered device. Be wary of frequent or unexpected Duo requests, and remember that Duo authentication is typically only required once every 90 days.
Watch out for fake login screens
Social engineering schemes manipulate individuals into divulging confidential information. Most commonly, these schemes are used in phishing emails, which attempt to obtain your username and password to gain access to more sensitive information.
Be cautious of unsolicited emails or messages asking for your NetID and password. Some emails may ask you to log in to a screen that looks almost identical to our Central Authentication Services (CAS) login screen.
To avoid this situation, hover over the link in the email to see where it leads. Review some of the common URLs seen at Yale. If the URL says something else, don’t proceed – this is most likely a fake login screen.
Five takeaways to protect your identity
- Never share your NetID or NetID password with anyone, including colleagues and family.
- Regularly update your passwords and use different passwords for different accounts.
- Enable and use MFA for an additional layer of security.
- Stay informed about the latest phishing and social engineering tactics to recognize and avoid potential threats. Visit our Click with Caution page for more information.
- Report any suspicious activity immediately - it’s better to be safe than sorry.
Use Secure Passwords is now called Protect Your Identity
Strong passwords were once the gold standard for protecting our identity, but online threats have evolved. Using a password alone is like having a lone guard who cannot provide adequate defense at a gate.
Strong passwords, while crucial, are no longer enough. Enabling MFA and staying vigilant against fake login screens are two simple ways to boost our security.
"Protect Your Identity" reflects this new reality and the need for multiple layers of protection for our accounts. Visit the new and improved Protect Your Identity page for more information.
Want to keep building your cyber muscles?
Register for our July 22 - 26 five-day summer challenge. Our simple daily tasks will build your cyber know-how to protect your identity in a sea of phishing attempts.