Tips for Protecting Your UT Accounts
Accounts and Passwords
- Is your NetID password the same password as your personal online accounts, such as Twitter, Instagram, or Facebook?
- Is our NetID or UT email address the username for your personal accounts?
- Do you write your password down?
- Is the name of your family, pet or favorite sports team in your password?
- Do you have any dictionary words (any language) in your password?
- Use a different password for your NetID from your personal online accounts to lessen the likelihood of someone gaining access to all your accounts if one of your passwords is compromised.
- Do not use your UT NetID or UT email address as the username for your personal accounts, such as Instagram, Twitter, and Facebook.
- You should never write your password down. Choose a password you can remember that is between 8 and 16 characters long with alpha numeric and special characters or try using a passphrase. Instead of a single word, use a series of words that is easy to remember, such as “Whereismycoffee?” The longer your passphrase is, the stronger.
- Never use the names of your family, pets or favorite sports teams as your password.
- Never use dictionary words in any language as your password unless you are using a passphrase.
Two-Factor Authentication
Two-factor authentication will help protect your information as well as university information such as research, student, and employee data. In conjunction with your NetID and password, it provides an additional, substantial layer of protection against the risk of stolen credentials and compromised accounts, the top action contributing to organizational breaches.
Sign up and learn more about 2FA.
Email Scams
Phishing is an attempt to trick you into revealing private information. Emails, texts, or phone calls can “fish” for information by trying to lure you into giving passwords, credit card numbers, etc., to a malicious third party. Official emails from UT will be from a UT account, not a .com or .net account.
When you receive an email, ask yourself the following questions:
- Are they requesting personal information?
- Is there a sense of urgency?
- Who is the email from?
- Is there spelling and grammar mistakes?
- Do the hyperlinks within the email take you to a non-UT website?
If you answered yes, to any of these questions, the email may be a scam.
Watch this video or visit OIT’s Phishing website to learn more about how to spot a phishing scam and what to do when you receive one.
Browsing the Web
There are several steps you can take to protect yourself when you are browsing the internet.
- Update web browsers regularly and enable security features
- Keep your antivirus and anti-malware software up to date
- Guard personal information. Look for signs of an encrypted webpage when providing sensitive personal information (credit card or banking information, SSNs, etc.) online; key identifiers include a URL for the website’s login page that begins with “https” and a padlock icon in your browser status bar (the location of this icon will vary based on browser)
- Log off the site when you complete your transaction.
- Be wary of Internet downloads. Downloaded files like software or other media can hide malware on your computer without your knowledge
Protect your UT accounts when away from campus
When traveling it’s convenient to use public WiFi hotspots in places like airports and restaurants, however, public WiFi networks should be thought of as just that: public. Because you’re sharing the network with strangers, there’s the risk that someone is using readily available software that snoops on what you’re doing.
- Don’t do anything via public WiFi that you wouldn’t want an eavesdropper to know – including logging into accounts with passwords. Use public WiFi for topics of conversation you would happily discuss in public.
- Connect to UT’s virtual private network (VPN) to access UT resources securely, such as your pay statement or MyUTK.
- Don’t let your device connect to public WiFi spots automatically
- Delete out the WiFi access points you’ve used when you arrive home.
- Check with the establishment you’re at to make sure the network you log onto is really theirs, and not one a snoop has set up to trick you
Test your two-factor authentication when you are planning to travel. The Duo mobile app will generate an authentication passcode by tapping the icon within the app. You do not need an internet connection or a cellular signal to generate these passcodes. If you are not taking your phone with you on your trip, contact the OIT HelpDesk for a temporary code or request a hardware token.