Category Archives: Post for MiddNotes

What does Multi-Factor Authentication mean for me?

Perhaps, after reading ITS’ recent announcement about “Multi-Factor Authentication”, you might be wondering, just what does this have to do with me?

Multi-Factor Authentication is one of the simplest and most effective steps that you can take to protect your Middlebury account and we’ve taken every possible step to make Multi-Factor Authentication simple and convenient.

ITS is introducing Multi-Factor Authentication because it has become increasingly obvious that passwords alone are not enough to protect your Middlebury account from being compromised. Multi-Factor Authentication is a tool that you can use to protect your Middlebury account. Using Multi-Factor Authentication protects you and, by extension, helps to safeguard the entire Middlebury College community.

Multi-Factor Authentication introduces one additional step during the login process to help ensure that it is really you and not someone else who has your password. It works by requiring a verification by phone in addition to your password. Any phone will work, including your office phone, your home phone, a regular cell phone, or a smartphone (like an iPhone or Android phone). You can even substitute a tablet, like an iPad, for the phone.

Multi-Factor Authentication image from http://it.miami.edu/

This extra verification step is only required if you are off-campus, and you have the option to only be prompted for the extra challenge once every 30 days (per device). The extra verification currently protects your email and Office 365 services, though ITS plans to expand Multi-Factor Authentication to additional services in the future.

Remember: you will only be prompted for the extra verification step if you are off-campus.

So, if you are off-campus, and trying to access email or Office 365, you will have to enter your username and password, just like normal, and then you will have to respond to an extra security challenge, by either answering your phone, typing in a verification code sent to your phone via text message, tapping “verify” on a mobile app notification, or typing in a verification code sent to you via the mobile app.

This extra step means that, even if someone has your password, they can’t access your account. They would still need to have access to your phone, to answer that extra security challenge, before they could get in.

If you are ready to get started with Multi-Factor Authentication, here’s what to do next:

  1. If you run the Microsoft Office suite (Outlook, Word, Excel, etc..), then the first thing you need to do is upgrade to Office 2016. Multi-Factor Authentication does not work with Office 2010. Visit http://go.middlebury.edu/office2016 for details.
  2. Before you start the Multi-Factor Authentication enrollment process, you should decide how you want to be verified: Office phone, home phone, or mobile phone.
    • Phone call, text, or mobile app. If you are using a mobile phone, you can choose between receiving a phone call, a text message, or using the mobile app.
    • Mobile app with a notification or verification code. If you opt to use the mobile app, choose between receiving a notification that you respond to, or a verification code.
  3. Submit a request to have Multi-Factor Authentication enabled on your account at http://go.middlebury.edu/getmfa.
  4. Complete the Multi-Factor Authentication setup process.

Note that you will be asked to set up a primary and a backup contact method during the setup process, and you can choose between all of the options that you have configured.

The enrollment process only takes a couple of minutes to complete, but we do have to enable your account for Multi-Factor Authentication before you can get started. To request multi-factor authentication, please visit http://go.middlebury.edu/getmfa, and submit a help desk ticket.

For more information on Multi-Factor Authentication, including tips to help ensure a quick and easy enrollment and setup, please review the Multi-Factor Authentication wiki at http://go.middlebury.edu/mfa.

Please note: This post is inspired by an article written by Kelly Gremban, at Microsoft, entitled, “What does Azure Multi-Factor Authentication mean for me?” A link to the original article can be found below.

References:

What does Azure Multi-Factor Authentication mean for me?
Kelly Gremban, Microsoft, August 22nd, 2016
https://azure.microsoft.com/en-us/documentation/articles/multi-factor-authentication-end-user/ 

Multi-Factor Authentication image from http://it.miami.edu/

@MiddInfoSec – Phishing Alert: don’t fall for “EMPLOYEE PAYROLL.” scam email

Be on the alert for a suspicious email purportedly sent from “SENDER” with the subject line ” EMPLOYEE PAYROLL.”. This is a confirmed phishing message, designed to trick you into divulging your username and password. If you find a copy of this message in your spam quarantine, please ignore it. If you find a copy of the message in your inbox, please delete it. If you find this message in your spam quarantine, do not release it. It will be deleted automatically in the next few days. Do not click on the links in the message or reply to the message.

 

For more information about phishing attacks, please visit http://go.middlebury.edu/phishing.  For more information about the spam quarantine, please visit http://go.middlebury.edu/spam.

11012016-phish1

ACTT Meetings ACTT In-progress Project Presentation for Web Conferencing Service

Tuesday, November 8, from 3-4pm
LIB 105A or Zoom room https://middpilot.zoom.us/j/846802386

The new ACT Team process includes in-progress project presentations. These presentations are meant to inform the community about how things are going, what has been done and what still needs to be done, what is going well and what are the challenges.

In this meeting we will talk about the Web Conferencing Service project.

  • Share what has been done, so far.
    • The results of the round-robin, what services were removed from consideration as a result
    • Current use of services under consideration.
  • Discuss what still needs to be done.

In-progress project presentations are open meetings, anyone may attend.

ACTT In-progress Project Presentation for Panopto Pilot

Tuesday, November 1, from 3-4pm
LIB 105A or Zoom room https://middpilot.zoom.us/j/846802386

The new ACT Team process includes in-progress project presentations. These presentations are meant to inform the community about how things are going, what has been done and what still needs to be done, what is going well and what are the challenges.

In this meeting we will talk about the video streaming service and the Panopto Pilot.

  • Review the training that occurred on 10/25
  • Share what has been done, so far.
  • Discuss what still needs to be done.

In-progress project presentations are open meetings, anyone may attend.

New Cloud File Storage: Welcome to Your New “Home”!

cloudsMicrosoft’s OneDrive file storage system has just been turned on for all staff, faculty, and students on the Middlebury campus and at MIIS.  Now that our e-mail has successfully moved to the cloud, we turn next to Middfiles “home” folders.  Don’t panic!  You’re not in this alone — we’re here to help.  To take advantage of the many benefits of cloud storage, you’ll want to begin by moving the contents of your “home” folder from Middfiles to OneDrive.  (“Orgs” and “Classes” folders on Middfiles are staying put for now.)  If you are already using cloud storage through Google, you may certainly use this service instead.  Our goal is for all of you to complete the move of your Middfiles “home” folders to the cloud by the end of this year.

In the upcoming weeks ITS will be scheduling training for partners across the Midd community so we can work together to assist anyone who needs a hand with this exciting, new service.  We will also provide documentation, online tutorials, and workshops designed to get you moving your files quickly and easily, using methods that work best for you.  Watch your email for upcoming details.

Can’t wait to learn more – and perhaps give things a try?  Take a look at http://go.middlebury.edu/onedrivehelp.

Has an ebook disappeared on you?

Looking for an ebook you used recently but that seems to have vanished? Let us know right away; we can probably get it back. Our major ebook program is undergoing some changes due to soaring costs and increasing publisher restrictions on usage. A large number of titles will disappear from our catalog this week. The process is designed to leave available anything that’s been used recently, but because of behind-the-scenes technical work, there’s a lag between the vendor’s most recent usage reports and the actual catalog-record deletion. As a result, you may have used a title in the last two weeks and now can’t find it again. Just ask us to recover it, and if our supplier still has it available, we will!

We also added a new collection recently, with more than 140,000 ebooks from EBSCO. Check it out!

This way to the Unplug and Recharge Room

Follow the arrows, and find some time for yourself! Take a break from your studies for just one – quiet – moment. You’ll feel refreshed, we promise.

Photo of Unplug and Recharge Room

Just follow the arrow

The Unplug and Recharge Room will be available through November on the Upper Level of the Davis Family Library, but you may borrow meditation cushions all year long from the circulation desks at the Davis Family Library and the Armstrong Library.

@MiddInfoSec: “Middlebury College!” A Well Crafted Phishing Attack Looks to Come from the College

Over the past couple of days Middlebury College has been the target of a well-crafted  phishing campaign. Phishing messages are email messages designed to trick you into divulging your username and password. In this case, the phishing messages were written so that they looked like they were sent from Middlebury’s Department of Public Safety. An example of this phishing message is included below.

Middlebury’s email system was able to filter the vast majority of these phishing messages, delivering them into each recipient’s Spam Quarantine. Even with this protection, however, a few individuals released the messages from their quarantines, opened  the messages, and clicked on the phishing links therein.

Always use caution with quarantined messages. The quarantine is specifically designed to protect you from phishing attacks.  If you have any questions about a quarantined message, contact the Help Desk or send a note to phishing@middlebury.edu. We would be glad to help.

Sample Phishing Message:

phish1062016

For more information on phishing please visit http://go.middlebury.edu/phish. For additional details about spam filtering and the spam quarantine, please review Spam Filtering at Middlebury.