Information Security Tips
Networking and information technology allow us to improve our reach and efficiency, but with great power comes great responsibility. Cyber criminals often target large organizations like Stockton with phishing scams and social engineering. 2-Factor Authentication is currently the most powerful defense available against these attacks, and Stockton University is leveraging the Duo Security platform to enable easy and non-intrusive 2-Factor Authentication across secure services such as Banner and E-mail.
To begin, download the Duo Mobile app for your smartphone. Although the Duo Security platform has multiple ways to provide a second authentication factor, we recommend using the Duo Mobile app for iOS and Android for the best experience.
- On your Android device, open the Google Play store and search for "Duo Mobile". It can also be found here.
- Tap "install" to start the application installation.
After you've installed the Duo Mobile application on your phone, open a web browser on your computer, navigate to the Stockton goPortal at https://go.Stockton.edu, and log in to your account by clicking "Login to goStockton Portal".
After entering your username and password, you will be prompted by Duo to enroll in 2-Factor Authentication. Click the “Start Setup” button.
Next, select the setup option “Mobile phone”.
Enter the phone number of the device you’re enrolling in 2-Factor Authentication, and make sure to check the confirmation box to confirm that your phone number is correct.
Select a device type
Depending on the device you’ll be using to enroll in 2-Factor Authentication, follow either the Android or iPhone instructions below. If you select “Other”, you’ll have the option of receiving either a phone call or a text message passcode to authenticate.
Launch the Duo Mobile app, then tap on the “Add Account” button to open up your camera and scan the QR code on your computer screen.
Launch the Duo Mobile app, accept the license agreement, then tap on the plus icon (+) button at the top-right of your phone screen to open up your camera. Scan the QR code on your computer screen to proceed.
If your scan was successful, you should see a green check mark appear over the QR code. Click Continue to proceed.
Choose an authentication method to proceed with logging in to your account. You may check the “Remember me for 30 days” box to remain authenticated with Duo for 30 days.
If using “Send me a Push”, Duo will create a notification on your phone when you attempt to log into a secure service.
Tap the green button to approve your login attempt.
If you experience any issues enrolling with Duo 2-Factor Authentication, contact the IT Services Help Desk at 609-652-4309.
If you do not wish to install the Duo mobile app on your smartphone, there are several alternative options:
- Text message (SMS): A text message with a one-time use code is sent to your phone.
- Voice call: A call will be made to the number on file. Press 1 to accept, press # to report a fraudulent authentication attempt.
- Hard token: A small physical device that you carry around. Press the button and it generates a one-time use code.
If you previously enrolled your phone with the Duo app and would prefer to use only the voice/text options, simply uninstall the app from your device and choose the desired option (SMS or voice) next time you’re prompted for a second factor.
If you would like to obtain a hard token or wish to adjust your enrollment method, please contact firstname.lastname@example.org via email or by phone (609-652-4779).
If you have received a message directing you to reply with or otherwise enter personally identifiable information online, please report the message as a phishing attempt (email@example.com) or use the Phish Alert button, which reports the phishing solicitation to the Information Security team (this button automatically appears in your Outlook and Office 365 clients).
The Phish Alert button will also delete the suspicious email from your mailbox to prevent any future exposure. We all play a critical role in keeping institutional data secure and to aid in this task, we ask that you take a skeptical approach to any solicitations that seem suspicious. Stockton University's Information Technology Services will never ask you to disclose your password (via email or otherwise).
If you suspect that you’re being targeted, please notify firstname.lastname@example.org via email or by calling (609) 652-4779.
Additionally, if you feel unsure about an email message sent from a member within the Stockton community, please reach out to them or their unit directly for clarification (before clicking on included links or opening suspicious attachments).
While Stockton and our vendors employ strong security measures to safeguard your data, the main line of defense is a secure password – any level of encryption can be bypassed if a password is compromised through subterfuge, sharing, or simplicity.
Keep your password secure.
Never tell someone else your password. Stockton University feels so strongly about this aspect of password protection that it is specifically stated in the acceptable use policy in Standard 2. Additionally, you should never write down your password. Anyone observing your login will see where it is located and can retrieve it for their use -- or misuse -- when you aren’t around. Even if they don’t observe your login, they will look for anything written down and posted in the vicinity of your workstation (e.g., the side of the monitor, bottom of the keyboard, on the keyboard tray).
Avoid password pitfalls
Don’t pick a password that can be found in the dictionary. Our central computers check your password against a system dictionary, but there are many different dictionaries available. A word that is not in our system dictionary just might be in the crackers’ dictionary. This includes foreign language dictionaries as well.
Don’t choose a password that uses personal information that someone could easily find out about you. This includes information such as:
- Your name, username, or nickname
- Names or nicknames of friends, relatives, pets, or locations that are special to you
- Numerical data about you such as birth date, social security number, license plate number, phone number, address, or zip code
- Technical terms or names of prominent individuals in your field of expertise
Don’t choose a password that others might also choose. You should avoid:
- Names of famous people such as sports figures, literary characters, mythological figures, biblical figures, actors, or political figures
- Any commercial brand names
- Names of cartoon characters or science fiction characters
Choose a good password
A good password is one that is easy to remember but hard to guess. There are several methods you can use. You can use real words as long as you use them wisely. One method is to concatenate two unrelated words. Examples are LAMPFISH or BOATAPPLE. You can create a pseudo-word by alternating consonants with one or two vowels. These words are pronounceable and easy to remember, but hard to guess. Examples are BOUGAMIT or EXOJUK. Finally, you can create a password like you might create a mnemonic device. Take a phrase that you can easily remember and use the first character of each word. If possible, include numbers and non-alphanumeric characters. For example, the phrase “Four score and seven years ago” could translate into the password 4SA7YA.
To reset your GoStockton Portal password, you can complete the online Self-Service Password Reset form.
Traditionally, resetting a GoStockton Portal password necessitated a call to the IT Services Help Desk. Our new self-service form empowers individuals to reset their GoStockton Portal passwords even outside of normal Help Desk operating hours.
If you’ve forgotten your GoStockton Portal password, you can quickly and easily reset it by clicking on the “Forgot your username or password” link on the Portal login page.
On the next page, enter your username, date of birth, and social security number to verify your identity. All transmitted information is encrypted, and any data entered into this form is not retained after the password reset is processed.
Once your identity has been verified, enter and confirm your new password. Passwords should be between 8 and 32 characters long, contain at least one (1) alphabetic character, and contain at least one (1) numeric character. Passwords are case-sensitive.
After submitting your new password, you’ll receive a confirmation page. You can now log in to the GoStockton Portal and other web services. New passwords may take up to ten (10) minutes to synchronize to Stockton’s WiFi network. If you require assistance with resetting your GoStockton Portal password or accessing services with your GoStockton credentials, please contact the IT Services Help Desk at 609-652-4309 or stockton.edu/helpdesk.
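The reset rules above (8 to 32 characters, at least one alphabetic and one numeric character) and the earlier dictionary and personal-information pitfalls can be checked mechanically. The following Python is an added example, not Stockton's own code; the wordlist, the personal terms and the function names are constructed for illustration.

```python
import re

MIN_LEN, MAX_LEN = 8, 32  # bounds stated in the reset instructions

# Constructed sample wordlist; a real deployment would load a large dictionary.
SAMPLE_DICTIONARY = {"password", "welcome", "stockton", "osprey", "dragon"}

def _letters(s):
    """Lowercase letters only, so 'Osprey2024!' reduces to 'osprey'."""
    return re.sub(r"[^a-z]", "", s.lower())

def _alnum(s):
    """Lowercase letters and digits only, so '04/12/1987' becomes '04121987'."""
    return re.sub(r"[^a-z0-9]", "", s.lower())

def check_password(password, personal_terms=(), dictionary=SAMPLE_DICTIONARY):
    """Return the reasons a password is rejected; an empty list means accepted."""
    problems = []
    if not MIN_LEN <= len(password) <= MAX_LEN:
        problems.append("length must be between 8 and 32 characters")
    if not re.search(r"[A-Za-z]", password):  # ASCII letters assumed
        problems.append("needs at least one alphabetic character")
    if not re.search(r"[0-9]", password):
        problems.append("needs at least one numeric character")
    # Dictionary pitfall: a word stays guessable after digits or symbols are added.
    if _letters(password) in dictionary:
        problems.append("is a dictionary word with digits or symbols added")
    # Personal-information pitfall: username, names, birth date, phone number.
    flat = _alnum(password)
    for term in personal_terms:
        t = _alnum(term)
        if len(t) >= 3 and t in flat:
            problems.append(f"contains personal information: {term}")
    return problems

if __name__ == "__main__":
    # Constructed candidates; 'jsmith' and the date are made-up personal data.
    personal = ["jsmith", "04/12/1987"]
    for candidate in ["4SA7YA", "LAMPFISH", "Osprey2024!", "jsmith-0412",
                      "Mona04121987", "Lamp7Fish3Boat"]:
        print(candidate, "->", check_password(candidate, personal) or "accepted")
```

The dictionary test here matches only when the password's letters form a single listed word; checking against several wordlists, including foreign-language ones, follows the same pattern.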