Take action to avoid your account being hacked
In recent years, the unauthorised use of hacked LiU accounts has become an increasing problem, sometimes with serious consequences for the university. Most of these incidents, possibly all of them, would have been prevented if two-step verification had been active for LiU accounts.
Having a password stolen or compromised not only causes problems for the individual co-worker: it also brings a risk that the LiU networks, IT services and working material of co-workers are misused by unauthorised persons.
The techniques used for attempted fraud and phishing are becoming evermore advanced, and they are spread in a more targeted manner than has until now been the case. This was clear not least last Wednesday (24 June 2020), when a well-crafted and tailored phishing attack was directed at LiU. Users need better protection against this type of attack, and technical measures are available to support them.
“We can provide as much information as possible about how to avoid becoming a victim of fraud, but it is not always easy to see the danger or protect oneself against it. Some email attacks are extremely closely focussed and have highly professional designs. This is why we have decided to make it easy for our co-workers by making two-step verification for log in to LiU accounts available off-campus, despite the current distance mode. Two-step verification protects accounts against unauthorised logins”, says Joakim Nejdeby, chief information officer.
Activate two-step verification
Work to activate two-step verification for all LiU accounts had been planned to start gradually during the spring of 2020. The sudden need to activate distance mode meant that this was temporarily put on hold, since the registration of two-step verification principally should be activated on one of the campuses, when logged in to a LiU network. However, after the introduction of the new VPN client FortiClient, it is now possible to activate two-step verification remotely. The IT Division has made it possible to activate two-step verification for anyone who wants to.
If you want to activate two-step verification on your LiU account, log in to MinIT, where you can follow a guide that takes you through the process. The start page of MinIT has a starting point for two-step verification. It is only necessary to activate two-step verification once, and you can then receive notifications in your mobile when you need to login using the process. Please read general information and see videos about two-step verification on the link at the bottom of this page before starting activation.
If problems or uncertainties arise when you activate two-step verification, we recommend that you postpone completing the process until after the summer and holiday period. The phishing incident has created a lot of work for the IT Helpdesk and IT technicians, and our capacity for other cases is limited at the moment.
Illustration of two-step verification.
Verification when off-campus or when using an unrecognised device
When two-step verification is active, you will receive a notification in an app on your mobile when you try to use your LiU account to log in to any of the LiU IT services from an unrecognised device (such as your own computer). If the login is authentic, you continue by a simple tap in the app. If someone else is trying to log in to your account, you receive notification about the login attempt and can prevent it.
“Many people will not notice much change at all when two-step verification is introduced, while others will meet it more often”, says Joakim Nejdeby.
It may be necessary to go through the two-step process, for example, if you log in to the webmail server on your own computer from home, or when working at another location than our campuses. After logging in, you will be able to work as usual and it will not be necessary to authenticate yourself again, unless you log out and need to log in again.
Subscribe to IT news
Receive a newsletter for LiU employees 4 times per semester with IT news. The newsletter is in Swedish, but many of the included articles are available in English. Subscribe here!
Latest IT related news
Last updated: 2020-06-26