Students

Securing Your Devices

Best practices for keeping your devices  secure.

What you need to know

  • Always Apply a Password or a PIN

    Keeping your devices locked is an essential good practice! You never know when you might be separated from them. Always keep devices locked with secure codes.

  • Update Your Software

    Updating software on your devices not only makes them run better, but it also makes them more secure. Most software updates include essential security patches that are necessary to keep your information secure.

  • Never Leave Your Devices Unattended

    When you are out in public spaces never leave your devices unattended. This is the most common way devices are stolen.

  • Consider Auto-wipe Options

    Consider using auto-wipe on your mobile devices. With auto-tip enabled, if your device is lost or stolen and someone attempts to guess your PIN too many times, the feature will automatically wipe all content from the device

Safe Account & Password Management

Proper account and password management is the key to your online security.

Learn more about Safe Password Practices

What you need to know

  • Keep Passwords Strong

    The best way to protect your accounts is to always use strong, complex passwords. This means using long passwords or passphrases (up to 32 characters) or shorter, highly complex passwords.

  • Use More Than One

    Avoid using the same password for all of your accounts. Try to diversify your passwords while still making them memorable. Using one password for all accounts increases your chances of being hacked across your entire online digital footprint.

  • Never Share Your Password

    The University does not need to know your password, nor does your bank or any other institution. Your password is your personal key, never share it with anyone, no matter how convincing they sound when they ask for it.

  • Your Digital Footprint

    Keep track of how many accounts you have online and delete old, dormant and unused accounts. Your digital footprint should be well managed and kept up to date. Schedule an annual spring cleaning day for your online house.

  • Self-Serve Password Reset

    Did you know that U of T offers a self-serve password reset tool for your UTORid account? Once registered, you can reset your password via SMS or alternate email.

    Register Today!

  • Managing Your UTORid Account & Password

    Visit your UTORid Account page to sign-up for the self-serve password reset tool, change your password, review your spam filters and more.

    Go to the UTORid Account page

Phishing & Identity Theft

A phishing attack is when a cyber criminal attempts to deceive a user into divulging sensitive information.

Phishing Bowl

What you need to know

  • Same trick, different catch

    Phishing attacks can take many forms, such as: fraudulent emails with a general message (often sent en masse), messages that appear to be from your contacts, text messages, phone calls or targeted, high profile scams.

  • They Always Seem Urgent!

    Phishing messages often demand an action take place immediately or within a short time frame. This is a common tactic: when a user is rushed they are more likely to divulge secure information. 

  • They Are Unexpected

    The message is unprompted. If you weren’t expecting a message from this company or individual, be wary.

  • Easily Spoofed

    The message claims to be from the University but the sender’s email, upon further inspection, is incorrect or odd.

  • Bad Grammar and Spelling

    Phishing messeges often contain multipel spelling and grammatical errors. Did you spot them here?

  • Anatomy of a Phishing Email

    You can become an expert in identifying phishing and spam emails. Check out the Anatomy of a Phishing Email and never be fooled again!

Your Digital Footprint

How many online accounts do you have versus maintain? Be in the know of what’s out there with your name on it.

What you need to know

  • Keep Track of Your Accounts

    Having multiple online accounts such as emails, social media spaces, and other services is common. Remember, each one of these accounts holds some of your personal information. Keeping track of what you have online, helps you reduce the risk of being hacked.

  • Avoid Using the Same Password for Everything

    Hackers have multiple ways of getting ahold of your password, most commonly by guessing it or by accessing it via insecure services and via password leaks. If your password is released, it can be used to attempt to access other services such as your bank account. Always keep multiple passwords for different services to reduce your chances of being hacked across the board.

  • Spring Clean

    Allocate an annual time in your calendar for reviewing your online accounts and the privacy settings. At this time you can delete accounts you no longer use and update the ones you do with the appropriate information and settings.

  • How are you represented online?

    Decide how you would like to present your personal and academic or professional online information. Keep them consistent, separate where necessary. It is helpful to Google yourself once in a while to see what’s out there with your name on it, including images, articles and videos.

Social Media and Your Privacy

Be dilligent with your Social Media presence. Know how to set up your privacy settings to keep yourself safe online.

What you need to know

  • Secure Your Namespace

    Consider securing common social media spaces with your full name to preserve your ‘online brand’. You can keep the accounts private and out of public view if you are not an active user, but at least you will rest easy and know no one else can appropriate it.

  • Be in Charge of Your Privacy Settings

    Social Media spaces tend to default to a public privacy setting. Decide on your comfort level when sharing information, and ensure to set the appropriate privacy settings to limit who can view your posts.

  • Don’t Overshare Every Moment

    Sharing every moment of your day can compromise your physical security. Avoid posting your location or your travels as they happen as this could give away that your home is unattended or prompt someone to locate you where you are broadcasting from.

  • Know How to Delete Accounts

    Did you know that it’s more difficult to delete some social media accounts than others? When closing an account, pay careful attention to the process for actual deletion of your data, as a lot of social media spaces only ‘disable’ your profile and don’t actually delete it.