[IS&T Security-FYI] Security FYI Newsletter, September 4, 2015

Monique Buchanan myeaton at mit.edu
Fri Sep 4 14:56:35 EDT 2015 

In this issue:

1. LastPass Enterprise for MIT is Here
2. Two-Factor Requirement at MIT: Deadline is September 30, 2015 for Faculty, Staff, Affiliates
3. STOP Tags: Anti-Theft Measure for your Laptop (Free for MIT on 9/8 and 9/9)


1. LastPass Enterprise for MIT is Here

Maintaining passwords, the ones you use for your online accounts, can quickly become a chore. Years ago, before I began using a password manager, my biggest challenge was not remembering all my passwords. I could remember the most important and frequently used ones, but I found it difficult creating clever and strong passwords each time I opened a new online account.

The answer came with LastPass. I discovered this free service through a colleague, who is also a security professional. I knew that if he was happy using it, I could trust it, too. While it was a bit time-consuming at first to set up each of my online accounts, once that was done, I had little to do. LastPass automatically fills the usernames and passwords into the login fields on sites I have accounts with. For new sites I sign up with, LastPass help me to generate random passwords that are as long and as complex as they need to be, then saves them to my vault.

LastPass Enterprise<http://ist.mit.edu/lastpass> is available to the MIT community for free. It includes two-factor authentication using Duo (see the information about Duo below), so now I am prompted for another factor when I log into LastPass from a computer or device I haven’t used before.

Learn more or register for your own LastPass account<https://ist.mit.edu/news/lastpass_solution>.



2. Two-Factor Requirement at MIT: Deadline is September 30, 2015 for Faculty, Staff, Affiliates

Earlier this summer, Vice President of IS&T, John Charles, announced to the community<http://web.mit.edu/itgc/letters/duo-memo.html> that to improve IT security at MIT, the authentication service of Duo Security is being added to various online processes.

As you might know, Duo Security is a two-factor authentication service that prompts you for a second factor as part of signing in to systems. At MIT, accessing the following systems after September 30, 2015 will prompt for a second factor:


  *   Touchstone and web services authenticated through Touchstone (such as Atlas and Stellar)
  *   MIT’s VPN service
  *   Remote access to systems managed by IS&T or located within the IS&T data center facilities
  *   Certificate deployment

To make sure you can access these services after September 30th, you should start using Duo as soon as possible. To sign up, go to the MIT Duo Security Account Management page<http://duo.mit.edu/>. Once signed up, you may enroll your device and enable two-factor authentication.

To learn more about installing and using Duo at MIT, see the article on Two-Factor Authentication with Duo<http://kb.mit.edu/confluence/x/RJkwCQ> within the Knowledge Base. You may also want to read the Guide to Two-Factor Authentication<https://guide.duosecurity.com/> provided by Duo Security.

Coincidentally, two-factor is the topic of this month’s OUCH! newsletter from SANS<http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201509_en.pdf>.


3. STOP Tags: Anti-Theft Measure for your Laptop

Just as you might register a bike with the police, you can also register your laptop. Information Systems & Technology partners with MIT Police to provide STOP (Security Tracking of Office Property) tags for the MIT community.

Where & When:
Tues., Sept. 8th, 10:00 am - 2:30 pm, Rockwell Cage, Z-Center
Wed., Sept. 9, 10:00 am - 2:30 pm, Lobby of Building 10

Cost: Free for these two days only this year (normally $10)!

How does it work?
Bring your device. A STOP tag is affixed to the device, has a unique number, and is registered with a world-wide database. Capt. Cheryl Vossmer of the MIT Police says that although a STOP tag is not software that can track a device via GPS or other means, it has been very effective at providing a way for lost or stolen laptops to be returned to their rightful owners.

Read recovery stories here<https://www.stoptheft.com/> of laptops with STOP tags.

Learn more about laptop registration at MIT<http://kb.mit.edu/confluence/display/istcontrib/MIT+Police+Laptop+Tagging+and+Registration>.



A copy of this newsletter can be found at http://ist.mit.edu/news


Thanks for reading,
Monique



Monique Buchanan
Communications Specialist
Information Systems & Technology (IS&T)
Massachusetts Institute of Technology
http://ist.mit.edu
tel: 617.253.2715







-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20150904/4fd16542/attachment.html

More information about the ist-security-fyi mailing list