Virus/Security - Technology Support Services

Documentation

1. Updates fix problems and help make your computer run better.
2. Some updates are scheduled to be available at routine intervals. For instance Windows updates typically come out the second Tuesday of the month. Windows computers are configured to automatically download the updates but not install them until the next time the computer is restarted. For this reason you will want to install the updates at a time that is convenient for you rather than have them automatically install at a critical time when you need your computer such as when finishing a paper, studying for an exam, or when you need to take an online exam.
3. Your computer connects to the NMU network, and unless it has the latest updates, it can create a weak spot on the network. In other words, an non-updated computer can be taken over by someone else, via the network, and used to attack the network itself and other Web sites.
4. You are responsible for any actions taken through your computer, even if you are not doing them. If your computer is found to be attacking other sites and/or distributing illegal material, your NMU account may be locked out and any computers registered under your account will not be allowed to access the campus network.
5. Fortunately, updating is easy. Visit our Windows Update page or Apple's Mac Update page to learn how.

Documentation

Your password protects your account. You can also add a second layer of protection with "2 Factor Authentication" so even if somebody manages to steal your password, it is not enough to get into your account. This additional form of authentication (sometimes referred to as 2FA or TFA) is completely independent from your username and password.

How It Works

You will login as usual with your username and password, then enter an additional code from either an Authenticator App, a Security Key, or a set of Backup Codes to verify that it is in fact you. You can also click a checkbox at the login page to trust a device for 30 days so you can just use your  username and password to log in on that device.

Recommendations

• Enable more than one 2 factor authentication method such as using both an Authenticator app and Backup Codes!
• Remember / Trust more than one browser/device by clicking the checkbox at the bottom left corner of the login prompt before logging in. Do this on different days for each browser/device so they both don't reach the 30 day limit on the same day.

This will trust that device for 30 days and you will not be required to enter the additional 2 factor code on that device during the 30 day period. It's best if you don’t trust multiple devices on the same day so they don’t all expire at the same time. The browser/device trust is managed through the use of browser cookies, so if you clear your browser's cookies then you remove any existing 30 day trust and cause the two factor authentication prompt to occur when you next login.

3 Options for Setting Up 2 Factor Authentication for NMU Services

There are 3 options for setting up 2 Factor Authentication for NMU services like MyNMU and MyUser; an authenticator app, USB security key, and backup codes.

Authenticator App (Best for mobile devices - tablets or smartphones)

Using a mobile authenticator app on your smartphone, tablet, or computer as a second factor during login. Enabling this option will require that you enter a code generated by the authenticator app as a second factor during the login process. Google Authenticator  and Microsoft Authenticator are 2 authenticator apps that will work. Google Authenticator works on Android and Apple iOS devices. Install the authenticator app BEFORE turning on this option for NMU Services.

For quick set-up instructions see: 2FA Quick Steps 

USB Security Key (Requires extra hardware)

Requires FIDO U2F Security Key device, typically a USB device, to be attached to the computer you are logging in from. NOTE: Security keys are currently only compatible with the Chrome web browser.

For step by step instructions see: Using a Security Key for 2 factor authentication

Backup Codes (Used as a backup to the other options)

Backup codes come in sets of 10 that you generate at https://myuser.nmu.edu/user. Each of the 10 Backup Codes can only be used once. When a backup code is used it will become inactive. Typically you print them out, keep them in a secure location, and check them off as you use each one. You can generate a new set codes at any point, automatically making the old set inactive. If you use back up codes it is recommended you get a new set of 10 codes before you use the last code and run out of the current set of backup codes you are using.

For step by step instructions see: Using Backup Codes for 2 factor Authentication

     Notes:

• Once you complete these steps, you will be required to use 2 factor to log into MyNMU, MyUser, and other NMU services that require it.
• If 2 factor authentication is preventing you from accessing NMU Services verify the problem also occurs at https://myuser.nmu.edu/user . If it doesn't work there then use MyUser's recovery link to reset your password and change or verify your 2 factor authentication settings.

NMU G Suite Account 2 Factor Authentication

2 factor authentication on your NMU G Suite account is a separate feature unique to Google. A good overview with links to set up 2 factor authenticaton for your NMU G Suite account is available at https://www.google.com/2step.

See also: 2 Factor Authentication Frequently Asked Questions

Documentation

Setting up Backup Codes for 2 factor authentication

      1. On a computer or other device, go to https://myuser.nmu.edu/user, click “Account Status/Change my Password” and login with your NMU ID and password.

      3. Click the Security Tab, then“Setup Codes" button under “Backup Codes”.

      4. The 10 backup codes will be displayed. Record or print the 10 backup codes and keep them with you. Each backup code can be used only once. An email message summarizing the 2-factor authentication will be sent to your NMU email account.

Using Backup Codes for 2 factor Authentication

      1. When logging into an NMU service such as MyNMU after entering in your userID and password you will be prompted to enter a code for 2-step verification and a checkbox to “Remember this computer for 30 days” if this is a personal device you feel you trust will stay secure and you don’t want to be prompted for the 2-step authentication each time you access the service.

      2. Enter one of your 10 backup codes and click “Next”.

      3. Cross out the backup code you used since it can’t be used ever again.

      4. Once you have used 8 to 9 backup codes get more backup codes at https://myuser.nmu.edu/user before using the last one.

We recommend you also set up another form of 2-factor authentication such as the Google Authenticator or Authy Authenticator App so you have more than one method of 2-factor authentication.

Documentation

Setting up Google Authenticator for 2 factor authentication

These instructions provide an overview of the process and the process may have changed if the authenticator app was recently updated. If you find you need more assistance than provided here please contact NMU Technology Support Services.

We recommend you set up 2-factor authentication Backup Codes first so you have more than one method of 2-factor authentication to use prior to setting up an Authenticator App.

    1. Get the “Google Authenticator” app for your iOS or Android device from the Apple App Store or Google Play.

    2. Run the “Google Authenticator”  app.

    3. On a computer or another device, go to https://myuser.nmu.edu/user, click “Manage Your User Account” and login with your NMU ID and password.

    4. Click on the “Security” tab and then the “Display options” button under “2-Step Verification”.

    5. Click the “Setup App” button under “Authenticator App”. A QR Code will be displayed. If the “Setup App” button isn't available but a "Remove" button is then an authenticator app has already been configured for your account. If you want to delete the current one and set up the Google Authenticator click the "Remove" button and the “Setup App” button will become available.

    6. On your iOS or Android device click the "+" (plus sign) in the upper right of the screen and then the "Scan barcode" option at the bottom.

    7. Google Authenticator may prompt for you to allow access to the Camera. Click “OK”.

    8. Scan the QR Code displayed on the computer or other device.

    9. Google Authenticator will display NMU, your NMU email address as your account name and your current 6 digit token number. The 6 digit token number renews every 30 seconds.

    12. Enter the current 6 digit token number into https://myuser.nmu.edu/user on your computer or another device and click the “Verify” button.

    13. The screen will indicate if the app was successfully added and then revert to the previous screen showing the time and date the app was authorized. An email message summarizing the 2-factor authentication will be sent to your NMU email account.

    14. Log out of https://myuser.nmu.edu/user.

Using Google Authenticator for 2 factor authentication

    1. When logging into an NMU service such as MyNMU after entering in your userID and password you will be prompted to enter a code for 2-step verification and a checkbox to “Remember for 30 days” if this is a personal device you trust will stay secure and you don’t want to be prompted for the 2-step authentication each time you access the service.

    2. Open your Google Authenticator app on your iOS or Android device and enter the current token displayed and click “Next”.

Documentation

Setting up a Security Key for 2 factor authentication

A FIDO U2F Security Key is typically a USB or other device you can connect to your computer to be used as a second step in 2 factor authentication. Security keys are currently only compatible with the Chrome web browser.

We recommend you set up 2-factor authentication Backup Codes first so you have more than one method of 2-factor authentication to use prior to setting up a Security Key.

1. Have a FIDO U2F Security Key available prior to starting this process.
   
2. Use the Chrome web browser for setting up and using a FIDO security key. If you do not already have the Chrome web browser installed you can download it from https://chrome.com.
3. Using the Chrome web browser, go to https://myuser.nmu.edu/user, click “Account Status/Change My Password” and login with your NMU ID and password.
   
4. Click on the “Security” tab and then the “Add Security Key” button.
   
   

5. The following instructions will be displayed to add the security key. Follow the instructions:
   

    

6. Once you tap the button or gold disc on the security key you will briefly see the message: "Your security key has been registered." Then the web page will go back to the “2-Step Verification" screen and you will receive a confirmation via email. You can now remove the FIDO security key.
7. Log out of https://myuser.nmu.edu/user.

Using a Security Key for 2 factor authentication

1. The Chrome web browser is required for using a FIDO security key. If you want to use the Firefox web browser it will have to be configured to allow using the USB security key.
2. When logging into an NMU service such as MyNMU after entering in your userID and password you will be prompted to insert your security key. You can also check the “Remember this computer for 30 days” check box if you want to trust this computer.
3. Insert the FIDO security key.
4. Press the gold disk or button on the key and the 2 factor authentication will be accepted and you will be logged in.
5. You can remove the FIDO Key and store it in a safe place.

Documentation

Please read the information below on how to be safer on the Internet. If you have any questions please contact the Computing HelpDesk, 906-227-2468, HelpDesk@nmu.edu.

General Safety Tips
Phishing Attempts
Password Safety

General Safety Tips

• NMU will never ask for your password.
• If you ever have a question about the status of your NMU account, log into http://myuser.nmu.edu/user to view the account status.
• Typically NMU, your bank, your credit cards, Facebook, PayPal, eBay, the IRS, federal and state governments will not ask for any of your personal information via email. When in doubt log into a known good web address for the service to see if the same request is referenced there. for NMU that would be http://myuser.nmu.edu/user and http://mynmu.nmu.edu.
• If you receive an email message that claims to be distributing a Microsoft security update, it is a hoax that may contain malware or pointers to malicious websites. Microsoft does not distribute security updates via email.
• Lock your computer when you leave.
• Destroy or shred documents with personal information when you're finished with them.
• Don't visit or download from sites you do not trust.
• If you have any questions or problems please contact the Computing HelpDesk, 906-227-2468, HelpDesk@nmu.edu.

Phishing Attempts

Beware of phishy email appearing to be about your NMU account. A phishing attempt is an attempt via email to get personal information from you such as your User ID and password or even bank or credit card details. The email message may also contain a link to a website requesting the same information. Phishy email messages can appear to come from helpdesk@nmu.edu or similar email addresses and referencing upgrading your mailbox or account. These are not actually from helpdesk@nmu.edu or any NMU account but from accounts on the internet and spoofed to appear to come from NMU. Click here to find out more about identifying and deflecting phishing attempts. 
 

Password Safety

Having strong passwords is important for keeping your accounts and personal information secure. Here are some hints for creating a safe password.

• Use a longer password
• Change your password often
• Ensure that you can remember your password
• Don't use easily identifiable personal information like children's names or birthdays
• Some systems won't accept spaces, special characters, or only allow passwords of certian lengths, though the more complex the password, the safer your information will be
• Don't keep you password in a place where it can be found or seen
• Don't share your password with people, businesses, or even the HelpDesk
• Have different passwords for each account
• For more information on choosing passwords, visit http://www.us-cert.gov/cas/tips/ST04-002.html

NMU password requirements ensure that your password is safe and difficult to guess. The requirements are as follows:

• Must be 8 to 16 characters in length
• First character must be a letter of the alphabet (a-z)
• Must contain at least one numeric (0-9) character
• Must contain at least one of these special characters: ~!%^*_+-{}|[]\:?./
• Spaces are not allowed
• Passwords are case sensitive
• Passwords may not be reused for two years

Documentation

If you don't know your password or can't log into NMU services such as Email, MyNMU, or Educat, or your NMU G Suite account:

1. If you are new to NMU and have not set up your @nmu.edu account go to the MyUser "New User Page", https://myuser.nmu.edu/newuser. If you are a new user and can't log into MyUser "New User Page" contact the HelpDesk.


2. If you have already set up your @nmu.edu account and can't log into any NMU services such as Email, MyNMU, or Educat, or your NMU G Suite account go to the MyUser "View account status" page, https://myuser.nmu.edu/user, and use the "Login" button in the upper right corner of the page to login. You can log into the MyUser "View account status" page when your account will not work anywhere else to verify your account status and identify any problems and solutions for your account.


3. If you have already set up your @nmu.edu account and can't log into the MyUser "View account status" page  go to the MyUser "I lost my Password " page, https://myuser.nmu.edu/recover, and enter the required information to recover access to your account. If you can't log in there contact the HelpDesk.

Documentation

Occasionally, additional clicks may be required to view video in EduCat. Some browsers see the embedded video code, and temporarily block it to let you know that it may contain insecure content. This includes embedded video code from YouTube, Google Videos, Ted Talks, and our own WildCast server. In the case of our server, there is no malicious code, but the warning is displayed regardless. Follow the instructions below to allow EduCat videos to properly load.

• Firefox
• Chrome
• Explorer

Firefox

1. Click the shield icon in the upper left corner of Firefox.
    

2. In the small message that appears, select "Disable Protection on This Page" from the drop-down menu. 

Chrome

1. Click the shield icon to the left of the URL bar.
    

2. In the drop-down message, select "Load unsafe script." 
    

Explorer

1. After clicking the link, a security warning will appear. Be sure to click "No" on the "Security Warning" box.
  

2. If the "Only secure content is displayed." warning appears, click "Show all content." 

Documentation

NMU 2 factor authentication can be set up using Authenticator Apps, Backup Codes, or Security Keys. These instructions cover how to disable each of those options individually. You can disable one or more of them. NMU recommends you always have more than one 2 factor authentication method enabled.

1. On a computer or other device, go to https://myuser.nmu.edu/user, click “Manage Account” and login with your NMU ID and password.

    

   

2. Click on the “Security” tab and then the “Display TFA” button under “2-Step Verification”. The following page will be displayed.

    

   

3. To disable the current Authenticator App click the "Remove" button in the "Authenticator App" box.

4. To disable the current Backup Codes click the "Remove" button in the "Backup Codes" box.

    

5. To disable a Security Key click the "Pencil" icon in the "Security Key" box, then click the "Delete Security Key" button.

    

   

6. To revoke all trusted devices click the "Revoke All' button in the "Devices you trust" box.

7. If all 2 factor authenthication methods are disabled the "2-step Verificaton" box at the top of the page should show it is "OFF".

    

   Note:

   • 2 factor authentication on your NMU G Suite account is a separate feature unique to Google. A good overview with links to configure 2 factor authenticaton for your NMU G Suite account is avalable at https://www.google.com/2step.

Documentation

Helpful tips for helping to keep your identity, personal information and data secure. More information on these topics and more can be found on the pages linked at the bottom of the page.

Phishing Emails

• Never respond to requests for personal information via email. Businesses will never ask for personal information in an email.
• Do not enter personal information in a pop-up screen.
• Do not click on any links listed in an e-mail message. Copy and paste the URL into your browser.
• Marking phishy emails as spam in gmail will make it more likely gmail will identify future messages as spam for you and others with NMU accounts.
• Use anti-virus and anti-spyware software and update them regularly.

Dispose of Information Properly

• Destroy/shred hard copy confidential documents that contain personal information such as social security numbers, credit card numbers, bank account numbers, and health records.
• Ensure you are using the right tools when destroying and disposing of personal information or media storage from your computer and mobile devices.

Ethics - Be a good cyber citizen

• Do not engage in inappropriate conduct, such as cyberbullying, cyberstalking or rude and offensive behavior.
• Do not do something in cyberspace that you would consider wrong or illegal in everyday life.
• Do not impersonate someone else. It is wrong to create sites, pages, or posts that seem to come from someone else.
• Adhere to copyright restrictions when downloading material from the Internet.
• Do not use someone else's password or other identifying information.

Lock it when you leave

• It takes only a few seconds to secure your computer and help protect it from unauthorized access. Lock down your computer every time you leave your desk.
• Set up a screen-saver that will lock your computer after a pre-set amount of time and require a password to log back in.
• If your computer is used by more than one person, you may want to create individual accounts, with unique login and passwords for each user.
• Choose a strong password. A good password should always include upper and lowercase letters, numbers, and at least one special character. Do not set the option that allows a computer to remember any password.

Protect data on mobile devices

• Ask yourself "Is it really necessary that I transport this sensitive information?" If the answer is no, then do not copy the information.
• Choose a strong password. A good password should always include upper and lowercase letters, numbers, and at least one special character. Never use the same password for multiple devices or accounts.
• Store your portable devices securely. When not in use, store devices out of sight and when possible in a locked drawer or cabinet.

Protect mobile devices

• Password-protect your portable device.
• Be sure all critical information is backed up.
• Disable Bluetooth when not required.
• Make sure your firewall and anti-virus are up-to-date.
• Store your portable devices securely.
• Record identifying information such as serial number and label your equipment if possible.
• Report the loss or theft to the appropriate authorities as soon as possible.

Additional Information

• National Cyber awareness tips
• MSISAC Daily tip
• State of Michigan cyber security website
• Department of homeland security
• Stay Safe online
• FCC Smartphone security checklist
• Protect your privacy on the internet (Microsoft)