Student Resources


Securing Your Devices

Best practices for keeping your devices secure.

What you need to know

Always Apply a Password or a PIN

Keeping your devices locked is an essential good practice! You never know when you might be separated from them. Always keep devices locked with secure codes.

Update Your Software

Updating software on your devices not only makes them run better, but it also makes them more secure. Most software updates include essential security patches that are necessary to keep your information secure.

Never Leave Your Devices Unattended

When you are out in public spaces never leave your devices unattended. This is the most common way devices are stolen.

Consider Auto-wipe Options

Consider using auto-wipe on your mobile devices. With auto-wipe enabled, if your device is lost or stolen and someone attempts to guess your PIN too many times, auto-wipe will automatically wipe all content from the device.


Safe Account & Password Management

Proper account and password management is the key to your online security.

Learn more about safe password practices

What you need to know

Keep Passwords Strong

The best way to protect your accounts is to always use strong, complex passwords. This means using long passwords or passphrases (up to 32 characters) or shorter, highly complex passwords.

Use More Than One

Avoid using the same password for all of your accounts. Try to diversify your passwords while still making them memorable. Using one password for all accounts increases your chances of being hacked across your entire online digital footprint.

Never Share Your Password

The university does not need to know your password, nor does your bank or any other institution. Your password is your personal key, never share it with anyone, no matter how convincing they sound when they ask for it.

Your Digital Footprint

Keep track of how many accounts you have online and delete old, dormant and unused accounts. Your digital footprint should be well managed and kept up to date. Schedule an annual spring cleaning day for your online “house”.

Self-Serve Password Reset

Did you know that U of T offers a self-serve password reset tool for your UTORid account? Once registered, you can reset your password via SMS or alternate email.

Register Today!

Managing Your UTORid Account & Password

Visit your UTORid Account page to sign up for the self-serve password reset tool, change your password, review your spam filters and more.

Go to the UTORid Account page


Phishing & Identity Theft

A phishing attack is when a cyber criminal attempts to deceive a user into divulging sensitive information.

What you need to know

Same Trick, Different Catch

Phishing attacks can take many forms, such as: fraudulent emails with a general message (often sent en masse), messages that appear to be from your contacts, text messages, phone calls or targeted, high profile scams.

They Always Seem Urgent

Phishing messages often demand an action take place immediately or within a short time frame. This is a common tactic: when a user is rushed they are more likely to divulge secure information.

They Are Unexpected

The message is unprompted. If you weren’t expecting a message from this company or individual, be wary.

Easily Spoofed

The message claims to be from the university but the sender’s email, upon further inspection, is incorrect or odd.

Bad Grammar and Spelling

Phishing messeges often contain multipel spelling and gammatical errors. Did you spot them here?

Anatomy of a Phishing Email

You can become an expert in identifying phishing and spam emails.

Check out the Anatomy of a Phishing Email and never be fooled again!


Your Digital Footprint

How many online accounts do you maintain? Be in the know of what’s out there with your name on it.

What you need to know

Keep Track of Your Accounts

Having multiple online accounts such as emails, social media spaces, and other services is common. Remember, each one of these accounts holds some of your personal information. Keeping track of what you have online, helps you reduce the risk of being hacked.

Avoid Using the Same Password for Everything

Hackers have multiple ways of getting a hold of your password, most commonly by guessing it or by accessing it via insecure services or password leaks. If your password is released, it can be used to attempt to access other services such as your online bank account. Always keep multiple passwords for different services to reduce your chances of being hacked across the board.

Spring Clean

Allocate an annual time in your calendar for reviewing your online accounts and their privacy settings. During this process you can delete accounts you no longer use and update the ones you do use with the appropriate information and settings.

How are you represented online?

Decide how you would like to present your personal and academic or professional online information. Keep them consistent and separate them when necessary. It is helpful to Google yourself once in a while to see what’s out there with your name on it, including images, articles and videos.


Social Media and Your Privacy

Be diligent with your social media presence. Know how to set up your privacy settings to keep yourself safe online.

What you need to know

Secure Your Namespace

Consider securing common social media spaces with your full name to preserve your ‘online brand’. You can keep the accounts private and out of public view if you are not an active user, but at least you will rest easy knowing that no one else can appropriate it.

Be in Charge of Your Privacy Settings

Social media spaces tend to default to a public privacy setting. Decide on your comfort level when sharing information and ensure to set the appropriate privacy settings to limit who can view your posts.

Don’t Overshare Every Moment

Sharing every moment of your day can compromise your physical security. Avoid posting your location or travel photos online as this could give away that your home is unattended and/or give away your location to someone who may be trying to find you.

Know How to Delete Accounts

Did you know that it’s more difficult to delete some social media accounts than others? When closing an account, pay careful attention to whether your data is actually deleted, as a lot of social media platforms will only ‘disable’ your profile and won’t actually delete it.