Online Password Security

-
The Background
Sometimes websites will ask you to change your password. Maybe GMail, or UTHealth, or your bank, periodically changing your password is part of good account security.

The Danger
Malicious persons will sometimes try to trick you into revealing your password to a fake website, where they can read your password and break into your account.

Not long ago, an important person in the United States government got an email telling him to change his GMail password. He followed the link, changed his password at the prompt--and a third party gained access to every email he ever sent or received at that email address. And of course, everything was published. It was a nightmare.

How do you guarantee that a password-reset page is legitimate and safe?
Any time a website asks for sensitive information--your password, social security number, or even your name or address, make sure that the web page:
  1. has a valid SSL Certificate, and
  2. actually belongs to the provider that you trust with this sensitive information.
Keeping your passwords safe is very easy!!!
For any web page asking for sensitive information like your password, be sure that
  • it has a green padlock in the browser next to the URL, and
  • its URL belongs to the service you trust
Here are two examples of a websites you can trust:
Firefox Browser
Chrome Browser



In both cases, you can see:
  • the green padlock in the browser AND
  • the URL starts with "google.com". This is to change a gmail password. If you're changing your Facebook password, it should say "facebook.com"--you get the idea. 
Here are some examples of sites you should NOT trust
Browser address bar
What’s wrong with it
Invalid SSL certificate--no green padlock (Chrome)
 
The browser is warning you there is no valid SSL certificate (Firefox)
 
Invalid SSL certificate--no green padlock (Firefox)
 
SSL certificate is valid (green padlock), BUT the URL belongs to someone unknown (passwordreset.com)
NOTE: "Google" appears later in the URL, but that doesn't matter. Your trusted provider should occur immediately after "https"

SSL certificate is valid, but the URL belongs to someone unknown (168.24.166.98)

Follow these simple steps, not just at UTHealth, but everywhere in your life,
and your data will be much more safe.

Comments

Post a Comment

Popular posts from this blog

Canvas, Cidi (Kennethware) and Mobile-First

-
Image
"Mobile First" is one of the newest terms in web-based application design. It indicates that a site or web application was written to display gracefully on both small-screened mobile devices and a large-screened desktop. Canvas and Cidi Design Tools are Mobile First. Students will see a pleasant, un-cluttered display no matter what device they use for Canvas. This page is meant to provide some examples to illustrate these applications' Mobile First design. Course home page (desktop browser): Course home page (mobile browser): Course home page (Canvas app): Syllabus page (desktop browser): Syllabus page (mobile browser): Syllabus page (mobile app)
Read more

For Admins: Adding a new Catalog to Canvas Catalog

-
Image
This assumes all policy requirements have been satisfied; those are outside the scope of this tutorial. Scenario 1: Create a Catalog Step 1: Login to Catalog as an Admin Step 2: Click "Catalogs" in the top navigation menu, then "+ Catalog" Step 3: For URL type, choose Path, then set the following options: Name: A human-readable name for your catalog Path: A unique string of lower case letters, numbers, and dashes. This will go to building a URL so people can access your catalog directly. Parent catalog: Admins for the parent catalog will have rights in this new catalog too. About: A short description of your Catalog Step 4: Click "Save" Scenario 2: Add an Admin to the Catalog Step 1: Login to Catalog as an Admin Step 2: Click "Subcatalog Admins" in the top navigation menu Step 3: In the Account Admins search box, find the person you want to add as an admin. Note they must exist in https://uthealth.instructure.com as
Read more

For Admins: Running a Postman Collection

-
If there are multiple iterations of a single API call, each with different parameters, it makes sense to use a PostMan collection to automate those calls. For example, this course: https://uth.test.instructure.com/courses/26911 We want to undelete ten enrollments from a section in this course. The undelete command is: POST https://uth.test.instructure.com/api/v1/sections/26959/enrollments?enrollment[user_id]=5227&enrollment[enrollment_state]=active But the enrollments we want to undelete (by user id) are: 5227, 10564, 106, 10697, 12375, 12715, 1305, 1307, 1327, 1441 Step 1: Create a data file (csv) that looks like this: userid 5227 10564 106 10697 12375 12715 1305 1307 1327 1441 Step 2: Move the POST command to its own folder in PostMan. It will be the sole API call in that folder/collection Step 3: Modify the POST command to: POST https://uth.test.instructure.com/api/v1/sections/26959/enrollments?enrollment[user_id]={{userid}}&enr
Read more