Online Password Security

-
The Background
Sometimes websites will ask you to change your password. Maybe GMail, or UTHealth, or your bank, periodically changing your password is part of good account security.

The Danger
Malicious persons will sometimes try to trick you into revealing your password to a fake website, where they can read your password and break into your account.

Not long ago, an important person in the United States government got an email telling him to change his GMail password. He followed the link, changed his password at the prompt--and a third party gained access to every email he ever sent or received at that email address. And of course, everything was published. It was a nightmare.

How do you guarantee that a password-reset page is legitimate and safe?
Any time a website asks for sensitive information--your password, social security number, or even your name or address, make sure that the web page:
  1. has a valid SSL Certificate, and
  2. actually belongs to the provider that you trust with this sensitive information.
Keeping your passwords safe is very easy!!!
For any web page asking for sensitive information like your password, be sure that
  • it has a green padlock in the browser next to the URL, and
  • its URL belongs to the service you trust
Here are two examples of a websites you can trust:
Firefox Browser
Chrome Browser



In both cases, you can see:
  • the green padlock in the browser AND
  • the URL starts with "google.com". This is to change a gmail password. If you're changing your Facebook password, it should say "facebook.com"--you get the idea. 
Here are some examples of sites you should NOT trust
Browser address bar
What’s wrong with it
Invalid SSL certificate--no green padlock (Chrome)
 
The browser is warning you there is no valid SSL certificate (Firefox)
 
Invalid SSL certificate--no green padlock (Firefox)
 
SSL certificate is valid (green padlock), BUT the URL belongs to someone unknown (passwordreset.com)
NOTE: "Google" appears later in the URL, but that doesn't matter. Your trusted provider should occur immediately after "https"

SSL certificate is valid, but the URL belongs to someone unknown (168.24.166.98)

Follow these simple steps, not just at UTHealth, but everywhere in your life,
and your data will be much more safe.

Comments

Post a Comment

Popular posts from this blog

Canvas, Cidi (Kennethware) and Mobile-First

-
Image
"Mobile First" is one of the newest terms in web-based application design. It indicates that a site or web application was written to display gracefully on both small-screened mobile devices and a large-screened desktop. Canvas and Cidi Design Tools are Mobile First. Students will see a pleasant, un-cluttered display no matter what device they use for Canvas. This page is meant to provide some examples to illustrate these applications' Mobile First design. Course home page (desktop browser): Course home page (mobile browser): Course home page (Canvas app): Syllabus page (desktop browser): Syllabus page (mobile browser): Syllabus page (mobile app)
Read more

For Instructors: Options for Catalog Listings

-
Image
There are several mandatory and optional settings that the E-Learning admins will need in order to list your course in Canvas Catalog . This document was written to help you understand those settings, and what impact they will have on your course listing. Required fields Listing Title: The title you want for your course (see first image below) Listing Path: A unique name for your course, for use in a URL. This must be loser case letters, numerals, and dashes only. Teaser: This is a short description to entice users to sign up for your course ( see Listing Image below ) Full Description : This is a long description about your course ( see Details Image below ) Please Note: "Teaser" is only used on the Listing Image, and the Listing Image is only used if "Visibility" is set to public  (see below) . Optional Fields Enrollment Cap and Wait List: Give a number listing the maximum number of students you want in the course at once, and whether you want users
Read more

For Admins: Adding a new Catalog to Canvas Catalog

-
Image
This assumes all policy requirements have been satisfied; those are outside the scope of this tutorial. Scenario 1: Create a Catalog Step 1: Login to Catalog as an Admin Step 2: Click "Catalogs" in the top navigation menu, then "+ Catalog" Step 3: For URL type, choose Path, then set the following options: Name: A human-readable name for your catalog Path: A unique string of lower case letters, numbers, and dashes. This will go to building a URL so people can access your catalog directly. Parent catalog: Admins for the parent catalog will have rights in this new catalog too. About: A short description of your Catalog Step 4: Click "Save" Scenario 2: Add an Admin to the Catalog Step 1: Login to Catalog as an Admin Step 2: Click "Subcatalog Admins" in the top navigation menu Step 3: In the Account Admins search box, find the person you want to add as an admin. Note they must exist in https://uthealth.instructure.com as
Read more