Students

Securing Your Devices

Best practices for keeping your devices such as laptops, tablets and phones secure.

What you need to know

  • Always Apply a Password or a PIN

    Keeping your devices locked is an essential good practice! You never know when you can be separated from them, so it’s best to always keep them locked with secure, hard to guess codes.

  • Update Your Software

    Updating software on your devices does not only make them run better, but it also makes them more secure. Most software updates include essential security patches the vendor of the product has identified as necessary to keep your information secure.

  • Never Leave Your Devices Unattended

    When studying at the library, coffee shop or other public spaces, never leave your devices unattended, even for a moment. This is the most common way devices are stolen.

  • Consider Auto-wipe Options

    Consider using auto-wipe feature to your mobile devices, so if they are lost and someone attempts to guess your PIN too many times, the device will auto-wipe your personal data from it.

Safe Account & Password Management

Proper account and password management is the key to your online security.

Learn more about Safe Password Practices

What you need to know

  • Keep Passwords Strong

    The best way to protect your accounts is to always use strong, complex passwords. This means using long passwords or passphrases (up to 32 characters) or shorter, highly complex passwords.

  • Use More Than One

    Avoid using the same password for all of your accounts. Try and diversify your passwords while still making them memorable. Using one password for all accounts increases your chances of being hacked across your entire online digital footprint.

  • Never Share Your Password

    The University does not need to know your password, nor does your bank or any other institution. Your password is your personal key, never share it with anyone, no matter how convincing they sound when they ask for it.

  • Your Digital Footprint

    Keep track of how many accounts you have online and delete old, dormant and unused accounts. Your digital footprint should be well managed and kept up to date. Schedule an annual spring cleaning day for your online house.

  • Self-Serve Password Reset

    Did you know that U of T offers a self-serve password reset tool for your UTORid account? When you register, you can reset your own password if you have forgotten it via SMS or alternate email.

    Register Today!

  • Managing Your UTORid Account & Password

    This is where you can sign-up for the self-serve password reset tool, change your password, and review your spam filters and more.

    Go to the UTORid Account page

Phishing & Identity Theft

A phishing attack is when a cyber criminal attempts to deceive a user into divulging sensitive information.

Phishing Bowl

What you need to know

  • Same trick, different catch

    Phishing attacks can take many forms, including fraudulent emails with a general message (often sent en masse), messages that appear to be from your contacts, text messages, phone calls or targeted, high profile scams.

  • They Always Seem Urgent!

    These messages often demand an action take place immediately or within a short time frame. This is a common tactic: when a user is rushed they are more likely to divulge secure information because they haven’t had the time to question their actions.

  • They Are Unexpected

    The message is unprompted. If you weren’t expecting a message from this company or individual, be wary.

  • Easily Spoofed

    The message claims to be from the University but the sender email, upon further inspection, is incorrect or odd.

  • Bad Grammar and Spelling

    Phishing messeges often contain multipel spelling and grammatical errors. Did you spot them here?

  • Anatomy of a Phishing Email

    You can become an expert in identifying phishing and spam emails. Check out the Anatomy of a Phishing Email and never be fooled again!

Your Digital Footprint

How many online accounts do you have versus maintain? Be in the know of what’s out there with your name on it.

What you need to know

  • Keep Track of Your Accounts

    Having multiple online accounts such as emails, social media spaces, and other services is common. Remember, each one of these accounts holds some of your personal information. Keeping track of what you have online, helps you reduce the risk of being hacked.

  • Avoid Using the Same Password for Everything

    Hackers have multiple ways of getting ahold of your password, most commonly by guessing it or by accessing it via insecure services and via password leaks. If your password is released, it can be used to attempt to access other services such as your bank account. Always keep multiple passwords for different services to reduce your chances of being hacked across the board.

  • Spring Clean

    Allocate an annual time in your calendar for reviewing your online accounts and the privacy settings. At this time you can delete accounts you no longer use and update the ones you do with the appropriate information and settings.

  • How are you represented online?

    Decide how you would like to present your personal and academic or professional online information. Keep them consistent, separate where necessary. It is helpful to Google yourself once in a while to see what’s out there with your name on it, including images, articles and videos.

Social Media and Your Privacy

Be dilligent with your Social Media presence. Know how to set up your privacy settings to keep yourself safe online.

What you need to know

  • Secure Your Namespace

    Consider securing common social media spaces with your full name to preserve your ‘online brand’. You can keep the accounts private and out of public view if you are not an active user, but at least you will rest easy and know no one else can appropriate it.

  • Be in Charge of Your Privacy Settings

    Social Media spaces tend to default to a public privacy setting. Decide on your comfort level when sharing information, and ensure to set the appropriate privacy settings to limit who can view your posts.

  • Don’t Overshare Every Moment

    Sharing every moment of your day can compromise your physical security. Avoid posting your location or your travels as they happen as this could give away that your home is unattended or prompt someone to locate you where you are broadcasting from.

  • Know How to Delete Accounts

    Did you know that it’s more difficult to delete some social media accounts than others? When closing an account, pay careful attention to the process for actual deletion of your data, as a lot of social media spaces only ‘disable’ your profile and don’t actually delete it.