Cybersecurity Awareness Month 2025
Week 1
Getting Hacked Sucks
– Enable multi-factor authentication when available to secure your accounts.
Multi-Factor Authentication
Expand the sections below to learn about multi-factor authentication.
Multi-Factor Authentication (MFA) is a security mechanism that provides an additional layer of protection by verifying digital users through at least two authentication factors. There are three common types of authentication factors:
- Something you know: This refers to information known only to the user. For example: unique passwords, security questions, PIN codes.
- Something you have: This refers to something that the user owns. For example: a smartphone or a security token.
- Something you are: This factor refers to something that is exclusive to the user. For example: biometrics (e.g. fingerprint, facial scan).
Multi-factor authentication is the most effective way to protect your accounts. With multi-factor authentication, even if a password is compromised, a malicious actor would have to obtain an additional piece of information to gain access. When offered to “enable” or “turn on” MFA on your personal accounts such as Facebook, Amazon or Google, we strongly encourage you to do so.
At LSU, MFA is offered for all applications behind Microsoft authentication such as Workday, LSU email, Teams, Box, and Zoom.
All users will need to configure two methods for MFA: one as a primary method and a secondary method to be used as a backup. It is recommended that MFA be configured on different devices to ensure that you do not lose access in the event that a device and/or phone number change.
While multi-factor authentication is one of the best ways to secure your accounts, there have been instances where cybercriminals have gotten around multi-factor authentication by tricking users into approving a malicious sign-in attempt.
In a “MFA Fatigue Attack,” hackers that have stolen a user’s password may generate several MFA approval notifications or phone calls in a short period of time, hoping that the account owner approves one of the verification requests due to confusion or annoyance. Cybercriminals also can also use phishing messages and malicious “man-in-the-middle” websites to intercept a user’s sign on attempt and MFA approval, or the attackers may impersonate IT support and request your MFA code or instruct you to approve a specific login. In these cases, if the MFA request is approved or provided to the attacker, it can grant the cybercriminal access to the account.
Therefore, if you are receiving multi-factor authentication log-in requests when you aren’t directly trying to log in, do not approve the requests!
Providing your password or MFA verification to another via a form, text message, or phone call puts your account at risk of compromise; this may lead to your account being temporarily suspended in the event your account is used to send malicious messages or exhibits other suspicious activity.
If the request is for your LSU account, you can submit a “Fraud Alert” via the MFA phone call or app notification, or you can contact the Service Desk at 225-578-3375 or by email at servicedesk@lsu.edu.
If the MFA request is for a sign-in with another account, consult that service’s support for further information.
In any case, if you receive an unexpected MFA approval prompt, change your password for the account ASAP to prevent further malicious sign-on attempts and MFA verification requests. Also, if you reuse the potentially compromised password, change it for any other account that uses it (this is why every password should be unique).
Don’t let this deter you, though. Multi-factor authentication is typically very safe, and it is one of the best ways you can bolster the security of your data!
Test your knowledge, get coordinates, scan codes, and be entered to win. Ready to play?
Week 2
It would be wise....
– to use a password manager to easily create unique and complex passwords.
Password Management
Expand the sections below to learn about password management.
We’ve gone from having just a couple of passwords to manage in the past, to managing
upwards of 100 or more. If you’re like most people, you’re probably using the same
password for most of your accounts—and that’s not safe.
If your one password gets stolen because of a breach, it can be used to gain access
to all your accounts and your sensitive information.
Perhaps you do use unique passwords, but to keep track, you write them in a notebook
or keep them on sticky notes. This leaves you vulnerable to prying eyes. But there
is no need to fret; password managers are easy to use and make a big difference.
Want to check to see if your passwords have been exposed? Check out our additional
resources below.
The best way to manage unique passwords for the ever-increasing number of online accounts we own is through a password manager application. A password manager is software created to manage all your online credentials, like usernames and passwords. It stores them in a safe, encrypted database and generates new passwords when needed. When you need a password, you can get a hyper-strong suggestion that is automatically stored in the password manager with just a few clicks. Say goodbye to short, reused passwords, and hello to strong, unique passwords!
Because the password manager stores all your passwords, you don’t need to memorize hundreds of passwords or keep that secret password paper in your drawer. Now, you only need to remember one to unlock your password vault in the manager app, so it makes things so much easier.
Pro tip: because the password that unlocks your vault is the “key to the castle”, it is vital to ensure that this password is unique, long, and complex. See additional resources below for password best practices.
Password managers not only let you manage hundreds of unique passwords for your online accounts, but some of the services also offer other advantages as well.
- Saves time
- Works across all your devices and operating systems
- Protects your identity
- Notifies you of potential phishing websites
- Alerts you when a password has potentially become compromised
- Most can be used along with multi-factor authentication for even more security
Even though password managers are the best way to keep your information safe, many people are afraid that storing all their passwords in one place means they are at risk if a hacker breaches your vault.
Password managers today are safer than ever before, and they are much safer than using a physical notebook, storing passwords in a Notes app or reusing passwords that are easy to remember. However, password managers should not be considered risk-free due to ever-increasing technological advances. Try to choose a password manager that utilizes multi-factor authentication for an added layer of security.
Compare your options and look for a quality password management system – you have a lot of choices! See additional resources below for best password managers of 2025.
Does a safer and easier method of logging into your accounts exist? Yes! Many websites
now use a technology called passkeys, which is a secure way to sign in to your account
without using a password. Most websites have not yet adopted this technology, which
is why using a password manager is still recommended.
Want to know more about passkeys? Be sure to check out the passkey link in the additional
resource section for more details!
Test your knowledge, get coordinates, scan codes, and be entered to win. Ready to
play?
Take this week’s quiz!
Week 3
Nightmare on my device
– Out-of-date software can be a nightmare. Update regularly to strengthen device security.
Software Updates
Expand the sections below to learn about software updates.
Every day, software and app developers focus on keeping their users and products secure. They’re constantly looking for clues that hackers are trying to break into their systems, or they are searching for holes where cybercriminals could sneak in, even if they’ve never been breached before. To fix these issues and improve security for everyone who uses their services, upstanding software companies release regular updates.
If you install the latest updates for devices, software, and apps, not only are you
getting the best security available, but you also ensure that you get access to the
latest features and upgrades. However, you can only benefit if you update! Don’t fret,
updating software is easy, and you can even make it automatic. Check out the links
below for more information.
Keep your computer secure at home
When downloading a software update, only get it from the company that created it. Never use a hacked, pirated or unlicensed version of software (even if your friend gave it to you). Pirated, hacked, or unlicensed software can often contain and/or spread malware, viruses, or other cybersecurity nightmares to your network. Ruining your computer, phone, tablet, or other device isn’t worth it!
To view the catalog of software currently available to faculty, staff, and students follow the link below.
Software from legitimate companies usually provides an option to update your software automatically. When there’s an update available, it gives a reminder so you can easily start the process and you can often choose to schedule the update during the middle of the night. If you can’t automatically update it, remind yourself to check quarterly if an update is available.
Check out the links below for more information.
You’ve probably come across suspicious pop-up windows when visiting a website that
urgently demand you download a software update. These are especially common on shady
websites or if there is malware already on your machine. These are always fake – they
are attempts at phishing or entice users to click on the link that may download malware.
Don’t click any buttons on these pop-ups and close your browser. Many web browsers
will warn you if you are attempting to visit an unsecure web address or one that could
contain malware. Heed these warnings and don’t take the bait!
Additionally, it is recommended that you avoid clicking on sponsored links that may
appear at the top of search portals such as Google. Sponsored links may not point
to legitimate websites for software downloads. Always look for legitimate websites
of the application providers and download the software directly from official sites.
Test your knowledge, get coordinates, scan codes, and be entered to win. Ready to
play?
Take this week’s quiz!