Critical Google Chrome Update

Dear Campus Colleagues,

I’m emailing to make you aware of a recent critical security update to Google’s Chrome Browser. We recommend updating to the newest version as soon as possible. 

Google has designed Chrome to self-update, but you’ll need to push the “Update” button to complete the process. It’s located in the top right hand corner of your browser window and looks like this:

If you do not use the “Update” button, here’s how to manually update your Chrome browser to version 99.0.4844.84.

How to Update Chrome Browser Manually

  1. Open Chrome Browser and navigate to Help → About Google Chrome
  2. Chrome should immediately check for updates on its own and begin downloading and installing. Once complete, click the Relaunch button and confirm you are now running 99.0.4844.84.

  3. Repeat step 1 and verify that the update has successfully installed.

We strongly encourage you to do this on every device you own to ensure that your data is kept secure from this vulnerability. Many other web browsers work on a similar architecture to Chrome, so we encourage you to check the update status of whatever browser you’re using and make sure your software is current.

As always, SJSU IT is available to provide whatever assistance you may need. The SJSU IT Service Desk is available online, by phone at (408) 924-1530, or via email at

Thank you,
Bob Lim

Bringing Multi-Factor Authentication to Our Students

In Spring 2021, we moved to protect our entire student population with multi-factor authentication (MFA). We rolled out MFA to more than 47,000 students in five waves, with the last group of accounts activated on April 9, 2021. As of today, 100% of SJSU accounts are protected with MFA.  

Our data shows that MFA works at SJSU. From September 2020 to February 2021, just before the student rollout, MFA blocked access almost 100,000 times, which is 4.6% of all attempted logins during that time span. Recently, other campuses without MFA have been attacked through unprotected student accounts. 

Protecting our student accounts with MFA is a major part of our strategy to be one of the most secure campuses in the country. Attackers have started playing the long game. They’re gaining access to student accounts, targeting people majoring in fields that are high income or who may have access to valuable research. Once they have passwords that work and access they can use, they wait five, ten, or more years to use that access to ransom user data or get into secure corporate systems. MFA for our students isn’t just about protecting them while they’re on campus, but protecting them when they’re alumni. 

There are lots of people in SJSU IT who worked on this rollout, but we couldn’t have done it without the support of Student Affairs, especially Robb Drury and Bonnie Sugiyama. I want to call out Maggie Panahi, Jason Ferguson, Sharon Watkins, Alfred Eclipse, Tristan Orlino, Andy Trembley, and James Anderson for their contributions. 

Best regards,
Bob Lim

Premium Password Management for SJSU

Logo for LastPass

One of the driving goals of SJSU IT is to make San Jose State University the safest campus in the country. Our strategy for getting there is to make security easier. We use a layered approach to put extra barriers between attackers and your data. One of the simplest but most effective protections is good password management — having strong passwords unique to each site you use that you change regularly. But that can be a pain. With dozens or hundreds of accounts all over the web, it’s almost impossible for us to keep track of what passwords we’re using where and when we last changed them. A password manager simplifies that whole process for you, making everyday security easier.

I first let campus know about our plans to bring LastPass’ enterprise password management to everyone in our campus community at no cost back in October 2020. LastPass will suggest, store, and autofill extra-secure random combinations of numbers, letters, and symbols for all of your accounts. Because LastPass encrypts all of your passwords, it’s much more secure than keeping them on a notepad or Google Doc and more reliable than trying to remember everything. 

The SJSU IT Information Security Office will continue to keep you updated on when it’s ready for you.

I want to thank Ravi Pisupati, Michael Hastings, Nikhil Mistry, Tristan Orlino, Andy Trembley, Bruce Gardner, and Jason Ferguson for working on bringing LastPass to our community.

Best regards,
Bob Lim

Simplifying Password Changes and Resets

An example of the password challenge screen.

SJSU IT will be simplifying the way you change and reset your password for your SJSUOne account. When these changes go live, you’ll be prompted to add a challenge question and answer to your account. Once completed, you will have the ability to reset your password directly through the login interface you’re already using. The new process is simpler and more user-friendly — you’ll be notified of your expiring password when you attempt to login and have the option to change it right away. 

While this is a small change for our university, it represents a double-win for our long-term technology strategy. This closes two small holes for attackers to exploit (adding a challenge question and allowing you to change your password right away without reminder emails or going to another site), getting us closer to our goal of becoming the most secure university in the nation. It also streamlines backend processes, increasing opportunities for automation and integration.

We’ll email our faculty, students, and staff with more details when we go live in March/April 2021.

I want to thank Maggie Panahi, Natasha Jones, Andy Trembley, Tristan Orlino, Jason Ferguson, Sharon Watkins, and Bruce Gardner, who have been working hard to get this ready.

Best regards,
Bob Lim

Cybersecurity Newsletter for Fall 2020

Dear SJSU Community,

With the transition to remote modalities, most of you are now learning, teaching, and working from home without the protections of SJSU’s fortified network. This coincides with an uptick in cybercriminal activity as malicious attackers look to prey upon our uncertainties and anxieties. We want to help by giving you the tools and resources to protect your digital life.

Security is very important for us. It’s one of our driving goals, as outlined in President Papazian’s Transformation 2030 strategic plan. We want to be the safest university in the country. And it’s even more important to us today as we look outside traditional answers to protect you off-campus.

We’ve partnered with Sophos, our campus antivirus vendor, to secure Sophos Home Premium licenses for faculty, staff, and students. Sophos Home Premium is an industry-leading, AI-enabled antivirus tool with features like real-time antivirus monitoring, ransomware protection, privacy & identity protection, and more. Home Premium usually retails for $60, but you can use your email account to download and install it for free on up to 10 computers.


Duo Multi-Factor Authentication
As of December 2019, all faculty and staff were required to have Duo Multi-Factor Authentication on their SJSU accounts. Adding an additional layer of security by requiring login confirmation from a mobile device has made their accounts much, much more secure. In April, we opened up this option for students who wanted to protect their accounts from malicious agents. Over the next year and a half, we’ll be gradually requiring students to enable Duo on their accounts. If you’re a student, we highly encourage you to sign up early and protect your account today. Plus, if you enroll in Duo, we’ll extend your password renewal timeline from 180 days to two years. You can learn more about Duo and how it works on our Duo for Students website.


A strong password is the first line of defense for your account. We’ll be partnering with LastPass to provide premium password management software for all SJSU students, faculty, and staff. We all know that we should have different passwords for every account we have everywhere. Still, all those passwords can be hard to remember and continually coming up with new ones feels like an uphill battle. LastPass will suggest, store, and autofill extra-secure random combinations of numbers, letters, and symbols for all of your accounts. Because LastPass encrypts all of your passwords, it’s much more secure than keeping them on a notepad or Google Doc. We’ll follow up with you on where and how to add SJSU LastPass to your devices later this semester.

Constant Vigilance
The first, best, and most effective defense against malicious actors is always you. The SJSU IT Information Security team has resources, training, and help for you to become a more critical user. I encourage you to explore our website, sign up for a Zoom training, and try some of the available security tools.


Thank You
I know that not everybody finds information security as exciting a topic as I do. So I want to thank our entire university, all the way from incoming frosh to President Papazian, for taking data safety so seriously. Together, we can make SJSU the safest campus in the country.

Bob Lim
VP of Information Technology
and CIO at San Jose State University

Hien Huynh
Information Security Officer