ITS Update

Heartbleed and Account Security

April 18, 2014

Early in the morning on Monday, April 7, a serious security defect was announced and circulated widely by media and news sources which affected a considerable number of internet web sites. This issue has been dubbed ‘Heartbleed’. More information is available here, and you can keep reading to learn about a service for making passwords more secure that ITS is investigating.

Heartbleed was an uncommonly widespread incident which highlighted the importance of account security. Passwords, once compromised, can be used to read and send email, to access private information, and to impersonate you. There are many ways to improve the security of our accounts, and one of the best is called 'two-step authentication'.

In essence, two-step authentication adds a second layer of security to your account that is independent of your username and password. The most common form of two-step verification uses your phone to verify your identity. The process is straightforward: you enter your username and password online as usual, then respond to a prompt (a call, text message, or app notification) on your phone or other device to verify that it's you. This can help prevent anyone but you from accessing your accounts, even if your password has been compromised. Also, you'll be alerted right away if someone does know your password and tries to log in with it.

If you are interested in learning more about this technology, Rich Graves and other ITS staff will be available in Weitz 236 on Thursday, Apr 24th, at 1:00 pm, directly following the LTC talk.

 

 

Add a comment

Please login to comment.