Compromised Accounts...Next Steps

What is a Compromised Account?

An account is compromised when the username and password are known by an unauthorized individual or group of individuals. Compromised accounts are used by attackers to obtain sensitive information, steal paychecks or financial aid refunds, or send spam. The BGSU Information Security Team takes all compromised accounts very seriously.

If you believe your account may be compromised...what are the next steps?  Please follow the procedures below to secure your BGSU Account.

Change your BGSU Password

  1. Immediately log into MyBGSU and change your password by clicking on Help Desk in the top right and then Change BGSU Password in the lower left.  (see "Tips to create a strong password" below for suggestions on picking a good password)
  2. Contact the Technology Support Center and ask to speak with the Information Security Office to discuss how to best respond if any sensitive information may have been exposed.

Use Two Step Authentication

We strongly encourage you to use two step authentication. The process requires you to enter your username and password, but after you submit them you are notified on your mobile phone via a text or phone call. Once you approve the request, you are granted access to your account. Two step authentication is the latest technology used to protect your account because it combines something you know (your password) with the approval notification on your mobile device.

Currently, the following critical services are protected by Two Step Authentication:

  • Payroll Direct Deposit Self-Service
  • Student Account e-Refund Self-Service (BGSU Refund)
  • W2 Access
  • 1098-T Access

The BGSU Information Security Office recommends you access one of these services within the portal to go through the enrollment process and ensure that your account is properly configured to use Two Step Authentication.

Additionally, BGSU users have the ability to "opt in" to using Two Step Authentication each time they log in to the portal.  Here are instructions for this:

  1. Sign into MyBGSU with your BGSU username and password.
  2. Scroll down on the left side menu to Account Admin.
  3. Click on the Two Step Authentication link.
  4. Click on the "Yes, Opt-In" radio button to start protecting all of the MyBGSU portal with Two Step Authentication.
  5. Click the Save button to save your changes.

 

Update and Scan

Make sure your mobile device or computer is running the latest version of its operating system. These updates fix commonly known software bugs and help protect your computer or mobile device from attacks.

Install a brand name anti-virus product on your computer. Schedule the program to run on a daily/weekly basis. Also, keep the virus definition file updated. This file has a list of all the known computer viruses/malware and will keep you protected against them.

Security Suggestions

The BGSU Information Security Team strongly recommends not using untrusted apps to access email on your mobile devices.  Some examples of these apps are listed below.  We do not recommend using these apps because their design allows them to capture your username and password.

  • My Mail
  • Spark
  • Newton

Instead of apps such as these, the BGSU Information Security Team recommends that you use the Outlook app to access BGSU email. Native mail apps on mobile devices are also safe to use if preferred.

Password manager applications provide a safe way to store passwords. The applications help the user organize and create strong passwords, encrypt the passwords, access them from any device, and use two-factor authentication. According to PC Magazine's article "The Best Password Managers of 2016", below are their top three suggested password manager applications (in no particular order).

  • LastPass*
  • Dashlane
  • Sticky Password
  • KeePass*

       *denotes that a free version is offered

Tips to create a strong password

We strongly encourage you to use different passwords for all of your sensitive information accounts. For example, use a unique password for your email and online banking accounts. Using different and unique passwords for each account helps to minimize the impact in the event that someone gains access to one of your accounts.

Use a variety of numbers, symbols, upper and lower case letters in your password. Using a mixture of 8 characters to create your password creates over 30,000 possible combinations. Overall, it makes your password that much harder to guess.

While creating your password with a mixture of numbers, symbols, upper and lower cases, don't use personal information. Pick a random sentence and use the first letter of each word, along with punctuation, as the password. For example, "Fred And Wilma Like To Have Ham And Eggs For Dinner" would become "F&Wl2hh&e4d.". Please don't use the example as your password. Avoid simple passwords like "password1234" or "abcd1234"; thieves know people use those passwords and try them first. Using common passwords makes it easier for them to gain access to your accounts.

If the website allows you to create your own security questions, try to create a question/answer that can't be answered by searching your Facebook or blogging websites.  If the website provides a list of questions for you to choose from, use a mixture of letters, numbers and symbols in your answer.  This will help protect your answer because the intruder won't know the special combo of characters you used to answer the question.

Another alternative to a conventional password is to use a sentence or phrase as a password. This is a simple way to create a long password that is easy to remember. Using a sentence or phrase makes it more difficult for an attacker to steal your login information and gain access to your BGSU account. In addition to your BGSU account, the BGSU Information Security Office recommends using this technique on your other personal accounts.

The number one thing not to do is write down your password and store it near your computer or in a location that is not locked. Whether it be a Post-it note or a piece of paper taped to the bottom of your keyboard, avoid these common mistakes and secure your passwords. If you store your passwords in a file on your laptop/computer, encryption software should be used to encrypt the file. Password managers are also a good option to protect passwords (see Security Suggestions above). The more difficult you make it to get your passwords, the better the odds that intruders will move on to an easier target.