security - Technology Support Services

Documentation

​Occasionally, PowerPoint may present the error, "SECURITY WARNING References to external media objects have been blocked" or will not play a video. These instructions will help you to play videos without blocking them. 
 

1. Exit and reopen PowerPoint with the presentation that is having video playback issues.


2. A yellow bar at the top should present itself, stating "SECURITY WARNING References to external media objects have been blocked." Click "Enable Content."
   

3. The video should now play normally in presentation mode.
 

If the video does not play normally, or if the prompt above does not appear, follow the instructions below to prevent the video from being blocked. 

1. Click on the "File" tab in the upper left corner of PowerPoint. 
    

2. Select "Options" from the menu that opens to the left. 
    

3. In the new window that opens, choose "Trust Center" from the left menu and select the "Trust Center Settings" button. 
    

4. Choose the "Protected View" item from the left menu and uncheck all three boxes. Click the "OK" button. 
    

5. Close PowerPoint and all boxes, then reopen the desired PowerPoint document. 

6. Repeat steps two and three from part one of these instructions. 

Documentation

Your password protects your account. You can also add a second layer of protection with "2 Factor Authentication" so even if somebody manages to steal your password, it is not enough to get into your account. This additional form of authentication (sometimes referred to as 2FA or TFA) is completely independent from your username and password.

How It Works

You will login as usual with your username and password, then enter an additional code from either an Authenticator App, a Security Key, or a set of Backup Codes to verify that it is in fact you. You can also click a checkbox at the login page to trust a device for 30 days so you can just use your  username and password to log in on that device.

Recommendations

• Enable more than one 2 factor authentication method such as using both an Authenticator app and Backup Codes!
• Remember / Trust more than one browser/device by clicking the checkbox at the bottom left corner of the login prompt before logging in. Do this on different days for each browser/device so they both don't reach the 30 day limit on the same day.

This will trust that device for 30 days and you will not be required to enter the additional 2 factor code on that device during the 30 day period. It's best if you don’t trust multiple devices on the same day so they don’t all expire at the same time. The browser/device trust is managed through the use of browser cookies, so if you clear your browser's cookies then you remove any existing 30 day trust and cause the two factor authentication prompt to occur when you next login.

3 Options for Setting Up 2 Factor Authentication for NMU Services

There are 3 options for setting up 2 Factor Authentication for NMU services like MyNMU and MyUser; an authenticator app, USB security key, and backup codes.

Authenticator App (Best for mobile devices - tablets or smartphones)

Using a mobile authenticator app on your smartphone, tablet, or computer as a second factor during login. Enabling this option will require that you enter a code generated by the authenticator app as a second factor during the login process. Google Authenticator  and Microsoft Authenticator are 2 authenticator apps that will work. Google Authenticator works on Android and Apple iOS devices. Install the authenticator app BEFORE turning on this option for NMU Services.

For quick set-up instructions see: 2FA Quick Steps 

USB Security Key (Requires extra hardware)

Requires FIDO U2F Security Key device, typically a USB device, to be attached to the computer you are logging in from. NOTE: Security keys are currently only compatible with the Chrome web browser.

For step by step instructions see: Using a Security Key for 2 factor authentication

Backup Codes (Used as a backup to the other options)

Backup codes come in sets of 10 that you generate at https://myuser.nmu.edu/user. Each of the 10 Backup Codes can only be used once. When a backup code is used it will become inactive. Typically you print them out, keep them in a secure location, and check them off as you use each one. You can generate a new set codes at any point, automatically making the old set inactive. If you use back up codes it is recommended you get a new set of 10 codes before you use the last code and run out of the current set of backup codes you are using.

For step by step instructions see: Using Backup Codes for 2 factor Authentication

     Notes:

• Once you complete these steps, you will be required to use 2 factor to log into MyNMU, MyUser, and other NMU services that require it.
• If 2 factor authentication is preventing you from accessing NMU Services verify the problem also occurs at https://myuser.nmu.edu/user . If it doesn't work there then use MyUser's recovery link to reset your password and change or verify your 2 factor authentication settings.

NMU G Suite Account 2 Factor Authentication

2 factor authentication on your NMU G Suite account is a separate feature unique to Google. A good overview with links to set up 2 factor authenticaton for your NMU G Suite account is available at https://www.google.com/2step.

See also: 2 Factor Authentication Frequently Asked Questions

Documentation

Setting up Backup Codes for 2 factor authentication

      1. On a computer or other device, go to https://myuser.nmu.edu/user, click “Account Status/Change my Password” and login with your NMU ID and password.

      3. Click the Security Tab, then“Setup Codes" button under “Backup Codes”.

      4. The 10 backup codes will be displayed. Record or print the 10 backup codes and keep them with you. Each backup code can be used only once. An email message summarizing the 2-factor authentication will be sent to your NMU email account.

Using Backup Codes for 2 factor Authentication

      1. When logging into an NMU service such as MyNMU after entering in your userID and password you will be prompted to enter a code for 2-step verification and a checkbox to “Remember this computer for 30 days” if this is a personal device you feel you trust will stay secure and you don’t want to be prompted for the 2-step authentication each time you access the service.

      2. Enter one of your 10 backup codes and click “Next”.

      3. Cross out the backup code you used since it can’t be used ever again.

      4. Once you have used 8 to 9 backup codes get more backup codes at https://myuser.nmu.edu/user before using the last one.

We recommend you also set up another form of 2-factor authentication such as the Google Authenticator or Authy Authenticator App so you have more than one method of 2-factor authentication.

Documentation

Setting up Google Authenticator for 2 factor authentication

These instructions provide an overview of the process and the process may have changed if the authenticator app was recently updated. If you find you need more assistance than provided here please contact NMU Technology Support Services.

We recommend you set up 2-factor authentication Backup Codes first so you have more than one method of 2-factor authentication to use prior to setting up an Authenticator App.

    1. Get the “Google Authenticator” app for your iOS or Android device from the Apple App Store or Google Play.

    2. Run the “Google Authenticator”  app.

    3. On a computer or another device, go to https://myuser.nmu.edu/user, click “Manage Your User Account” and login with your NMU ID and password.

    4. Click on the “Security” tab and then the “Display options” button under “2-Step Verification”.

    5. Click the “Setup App” button under “Authenticator App”. A QR Code will be displayed. If the “Setup App” button isn't available but a "Remove" button is then an authenticator app has already been configured for your account. If you want to delete the current one and set up the Google Authenticator click the "Remove" button and the “Setup App” button will become available.

    6. On your iOS or Android device click the "+" (plus sign) in the upper right of the screen and then the "Scan barcode" option at the bottom.

    7. Google Authenticator may prompt for you to allow access to the Camera. Click “OK”.

    8. Scan the QR Code displayed on the computer or other device.

    9. Google Authenticator will display NMU, your NMU email address as your account name and your current 6 digit token number. The 6 digit token number renews every 30 seconds.

    12. Enter the current 6 digit token number into https://myuser.nmu.edu/user on your computer or another device and click the “Verify” button.

    13. The screen will indicate if the app was successfully added and then revert to the previous screen showing the time and date the app was authorized. An email message summarizing the 2-factor authentication will be sent to your NMU email account.

    14. Log out of https://myuser.nmu.edu/user.

Using Google Authenticator for 2 factor authentication

    1. When logging into an NMU service such as MyNMU after entering in your userID and password you will be prompted to enter a code for 2-step verification and a checkbox to “Remember for 30 days” if this is a personal device you trust will stay secure and you don’t want to be prompted for the 2-step authentication each time you access the service.

    2. Open your Google Authenticator app on your iOS or Android device and enter the current token displayed and click “Next”.

Documentation

Setting up a Security Key for 2 factor authentication

A FIDO U2F Security Key is typically a USB or other device you can connect to your computer to be used as a second step in 2 factor authentication. Security keys are currently only compatible with the Chrome web browser.

We recommend you set up 2-factor authentication Backup Codes first so you have more than one method of 2-factor authentication to use prior to setting up a Security Key.

1. Have a FIDO U2F Security Key available prior to starting this process.
   
2. Use the Chrome web browser for setting up and using a FIDO security key. If you do not already have the Chrome web browser installed you can download it from https://chrome.com.
3. Using the Chrome web browser, go to https://myuser.nmu.edu/user, click “Account Status/Change My Password” and login with your NMU ID and password.
   
4. Click on the “Security” tab and then the “Add Security Key” button.
   
   

5. The following instructions will be displayed to add the security key. Follow the instructions:
   

    

6. Once you tap the button or gold disc on the security key you will briefly see the message: "Your security key has been registered." Then the web page will go back to the “2-Step Verification" screen and you will receive a confirmation via email. You can now remove the FIDO security key.
7. Log out of https://myuser.nmu.edu/user.

Using a Security Key for 2 factor authentication

1. The Chrome web browser is required for using a FIDO security key. If you want to use the Firefox web browser it will have to be configured to allow using the USB security key.
2. When logging into an NMU service such as MyNMU after entering in your userID and password you will be prompted to insert your security key. You can also check the “Remember this computer for 30 days” check box if you want to trust this computer.
3. Insert the FIDO security key.
4. Press the gold disk or button on the key and the 2 factor authentication will be accepted and you will be logged in.
5. You can remove the FIDO Key and store it in a safe place.

Documentation

Occasionally, additional clicks may be required to view video in EduCat. Some browsers see the embedded video code, and temporarily block it to let you know that it may contain insecure content. This includes embedded video code from YouTube, Google Videos, Ted Talks, and our own WildCast server. In the case of our server, there is no malicious code, but the warning is displayed regardless. Follow the instructions below to allow EduCat videos to properly load.

• Firefox
• Chrome
• Explorer

Firefox

1. Click the shield icon in the upper left corner of Firefox.
    

2. In the small message that appears, select "Disable Protection on This Page" from the drop-down menu. 

Chrome

1. Click the shield icon to the left of the URL bar.
    

2. In the drop-down message, select "Load unsafe script." 
    

Explorer

1. After clicking the link, a security warning will appear. Be sure to click "No" on the "Security Warning" box.
  

2. If the "Only secure content is displayed." warning appears, click "Show all content." 

Documentation

NMU 2 factor authentication can be set up using Authenticator Apps, Backup Codes, or Security Keys. These instructions cover how to disable each of those options individually. You can disable one or more of them. NMU recommends you always have more than one 2 factor authentication method enabled.

1. On a computer or other device, go to https://myuser.nmu.edu/user, click “Manage Account” and login with your NMU ID and password.

    

   

2. Click on the “Security” tab and then the “Display TFA” button under “2-Step Verification”. The following page will be displayed.

    

   

3. To disable the current Authenticator App click the "Remove" button in the "Authenticator App" box.

4. To disable the current Backup Codes click the "Remove" button in the "Backup Codes" box.

    

5. To disable a Security Key click the "Pencil" icon in the "Security Key" box, then click the "Delete Security Key" button.

    

   

6. To revoke all trusted devices click the "Revoke All' button in the "Devices you trust" box.

7. If all 2 factor authenthication methods are disabled the "2-step Verificaton" box at the top of the page should show it is "OFF".

    

   Note:

   • 2 factor authentication on your NMU G Suite account is a separate feature unique to Google. A good overview with links to configure 2 factor authenticaton for your NMU G Suite account is avalable at https://www.google.com/2step.

Documentation

Helpful tips for helping to keep your identity, personal information and data secure. More information on these topics and more can be found on the pages linked at the bottom of the page.

Phishing Emails

• Never respond to requests for personal information via email. Businesses will never ask for personal information in an email.
• Do not enter personal information in a pop-up screen.
• Do not click on any links listed in an e-mail message. Copy and paste the URL into your browser.
• Marking phishy emails as spam in gmail will make it more likely gmail will identify future messages as spam for you and others with NMU accounts.
• Use anti-virus and anti-spyware software and update them regularly.

Dispose of Information Properly

• Destroy/shred hard copy confidential documents that contain personal information such as social security numbers, credit card numbers, bank account numbers, and health records.
• Ensure you are using the right tools when destroying and disposing of personal information or media storage from your computer and mobile devices.

Ethics - Be a good cyber citizen

• Do not engage in inappropriate conduct, such as cyberbullying, cyberstalking or rude and offensive behavior.
• Do not do something in cyberspace that you would consider wrong or illegal in everyday life.
• Do not impersonate someone else. It is wrong to create sites, pages, or posts that seem to come from someone else.
• Adhere to copyright restrictions when downloading material from the Internet.
• Do not use someone else's password or other identifying information.

Lock it when you leave

• It takes only a few seconds to secure your computer and help protect it from unauthorized access. Lock down your computer every time you leave your desk.
• Set up a screen-saver that will lock your computer after a pre-set amount of time and require a password to log back in.
• If your computer is used by more than one person, you may want to create individual accounts, with unique login and passwords for each user.
• Choose a strong password. A good password should always include upper and lowercase letters, numbers, and at least one special character. Do not set the option that allows a computer to remember any password.

Protect data on mobile devices

• Ask yourself "Is it really necessary that I transport this sensitive information?" If the answer is no, then do not copy the information.
• Choose a strong password. A good password should always include upper and lowercase letters, numbers, and at least one special character. Never use the same password for multiple devices or accounts.
• Store your portable devices securely. When not in use, store devices out of sight and when possible in a locked drawer or cabinet.

Protect mobile devices

• Password-protect your portable device.
• Be sure all critical information is backed up.
• Disable Bluetooth when not required.
• Make sure your firewall and anti-virus are up-to-date.
• Store your portable devices securely.
• Record identifying information such as serial number and label your equipment if possible.
• Report the loss or theft to the appropriate authorities as soon as possible.

Additional Information

• National Cyber awareness tips
• MSISAC Daily tip
• State of Michigan cyber security website
• Department of homeland security
• Stay Safe online
• FCC Smartphone security checklist
• Protect your privacy on the internet (Microsoft)

Documentation

When you send a message over a wireless connection, someone who has the correct equipment can receive and decode the message. You have no way to know if someone is eavesdropping on messages you send or receive; this kind of eavesdropping is undetectable.

Although the NMU wireless networks require all users to register their wireless network hardware addresses, it is still possible for malicious users to eavesdrop on others.
 

Wireless Security Precautions and Vulnerabilities

Despite its vulnerability to eavesdropping, a wireless connection is reasonably secure for many things. Here are the scenarios you may encounter while using the wireless network, and the risk each potentially poses:

• All wired data connections at NMU are protected from eavesdropping. If you are concerned over the security of your transmission, use a wired connection.
• When you connect to MyUser.nmu.edu to find out your password and account information, connect using the address that begins with https instead of http. When you connect to https://myuser.nmu.edu/user, the connection uses SSL (a 128-bit encrypted secure connection) which is safe to use over a wireless connection.

• If you check your E-mail with Outlook on a wireless connection, someone may be able to get your ID and password, and read your E-mail.

  You can read E-mail on MyNMU without worrying that someone will get your user ID and password, because the login information is transmitted using a secure SSL (128-bit encrypted) connection. However, Your mail message is not encrypted, which means it is still not guaranteed to be private.

• If you connect to an FTP server over a wireless connection, someone may be able to get your ID and password.
• Using wireless connections for general Internet browsing should not pose any security risk, but may not be private.
• If you place a credit card order or submit sensitive form data, make sure the site is using SSL (a 128-bit encrypted secure connection). Connecting to a site using SLL is a minimal security risk. even over a wireless connection. To find out if a connection is using SSL, look for a lock icon in your browser, usually on the left side of the URL bar.
  If you do not see a lock icon in your browser window, do not submit credit card information or any other confidential data even if you are using a wired connection.

Documentation

The Windows screen saver can be changed to fit your personal preferences and make your computer more secure by requiring the Windows password after a set number of minutes of inactivity. The steps below cover the process of changing the screen saver. 

1. Right click on any empty space on the desktop and select "Personalize" from the drop-down menu. 
    
 

2. Click on the "Lock Screen" option on the left and scroll down the right side of the window and select "Screen saver settings".
    

3. In the new window, select the "Screen Saver" option from the pulldown menu. Set the "Wait" time to 5 minutes and check the "On resume, desplay the logon screen" checkbox. Click "Apply" and "OK". This will automatically bring up the screen saver after 5 minutes of inactivity and you will be prompted for the Windows password to use the computer.
    

4. HELPFUL HINT: You don't have to wait for your screen saver to lock your computer. You can lock your Windows computer at any time by using the "Ctrl-L" key combination. The "Ctrl-L" key combination will work any time you want secure your computer. You don't have to set up the screen saver to use the "Ctrl-L" key combination.