We’ve heard the feedback from faculty and staff about password security and have made changes to how often password renewals will be required. Starting with our initial pilot rollout, if faculty or staff have Duo Two-Factor Authentication (2FA) active on their SJSUOne account, their password won’t expire for two years. That means no more email reminders every 180 days and no more locking yourself out when you inevitably forget it the next morning. Our goal is to always find technology solutions that add more value — that’s the competitive advantage that SJSU IT offers.
Two-Factor Authentication adds a second layer of security to your SJSUOne account. By verifying your identity using a second factor (such as a key fob or your mobile device), 2FA makes it much more difficult for anyone else to log into your account, even if they know your password.
Signing up for Duo is easy and free. Learn more about Duo 2FA and fill out the registration form on our Duo@SJSU webpage. We’ve already made enrollment mandatory for university staff, and we’re aiming to have all faculty enrolled in Duo by December 1, 2019.
We greatly appreciate everyone’s diligence and support in protecting our students’ data and enhancing the security of our campus. Thank you for your continued help and support.
We would like to remind you of a security threat that is never far away: Phishing. During a phishing attack, a scammer disguises their email to look like a legitimate message from a colleague or company in an attempt to trick you. The goal of the phishing email is to have you click on a link or open an attachment that will ask you for sensitive or confidential information. Find information on how to spot phishing emails on our safe computing pages.
Signing up to use two-factor authentication with Duo helps keep your account safe. With Duo, you’ll be protected when somebody attempts to use your account through Okta single sign-on or other Duo-integrated apps (such as a VPN client). You can learn more about Duo and sign up for it early here.
Impersonation alerts are another useful feature, available on the Gmail website and in the Gmail apps for iOS and Android. These alerts will help remind you to be vigilant about suspicious emails, but they work best when you’re using your SJSU email account for university-related communication. If you see this alert, take a moment to review the details of the message, referencing our safe computing tips.
The single best way to protect yourself is to stay vigilant and use common sense. Oftentimes, phishers will impersonate figures of higher authority. But if you ask yourself, “When’s the last time the President emailed me directly?” and the answer is “Never,” that should raise a red flag. If you ask yourself, “I thought the President had better grammar/punctuation/spelling?,” that should raise a red flag. If you see these kinds of suspicious emails, use the Report Phishing feature in Gmail.