Be sure to sure read our earlier article for incoming freshmen: Creating an MIT online identity
You’ve gotten into the most prestigious technical Institute in the world – a huge accomplishment! Sadly, though, MIT is a target for hackers. It’s essential that you take steps to keep your computer, data, and personal information safe.
The most basic level of security is your password. Since your Kerberos account is used to access a wide range of MIT applications and services, such as email, Athena, and WebSIS, when choosing a password be sure to make it as strong as possible. MIT Information Systems and Technology (IS&T) recommends the use of pass phrases, because they are easier to remember and often harder to crack than simple passwords. Read more about strong passwords and pass phrases in the IS&T Knowledge Base (KB).
IS&T has specific rules for Kerberos passwords to ensure your safety. The password:
- Must be eight characters or longer
- Must not be based on your Kerberos username
- Must not be a word that appears in the dictionary
- Must contain characters from at least two different character classes (upper- and lower-case letters, letters and symbols, letters and numbers, etc.)
- Must be composed of characters in the Roman alphabet or symbols on the U.S. keyboard
- Must pass a complexity check based on a password dictionary, a technique commonly used by attackers to crack simple passwords.
IS&T also recommends pass phrases, because they are easier to remember than a cluster of letters and numbers. Read more about strong passwords and pass phrases.
Using the same password for multiple sites puts you more at risk; if a hacker learns that one password, they can then potentially access other websites and accounts in your name. You should never reuse passwords, especially your Kerberos password. However, keeping track of unique, strong passwords for each website can be hard. That’s where a password manager like LastPass comes in.
LastPass remembers all of your passwords for you and can help generate original, secure passwords. A master password and Duo multi-factor authentication are required to access your account’s password vault. All of your passwords are encrypted before they are stored on LastPass servers. The KB has a guide on how to sign up.
CrashPlan is a cloud-based backup solution for your computer. In the event of an unexpected loss of data, you will be able to restore your files from the cloud. This service is completely free to members of the MIT community.
Go to IS&T’s CrashPlan page to download the software, then select “New Account” and login with your Kerberos user ID and password.
Once that’s done, CrashPlan will automatically backup all your data. It will continue to run in the background once the initial backup finishes, ensuring that new files and changes are saved to the cloud.
Sophos is an anti-virus program that can detect malicious files on your computer. It runs in the background and alerts you if suspicious files are found. Go to IS&T’s Sophos Anti-Virus page to download the program. Go to IS&T’s Sophos Anti-Virus page to download the program. Installation instructions are available in the KB for Linux, Mac, and Windows.
CrowdStrike is an anti-malware program that operates silently and uses machine learning to detect and block malicious behavior on your computer. It is different from a traditional antivirus program in that it looks for indicators of nefarious activity rather than detecting known malware. You can download it from IS&T’s Crowdstrike Falcon Host page. Installation instructions are available in the KB.
To further protect your devices, IS&T recommends implementing whole disk encryption to safeguard everything on your computer in case it is lost or stolen. You’ll notice no difference in performance once your computer’s data is encrypted. For more information, see IS&T’s Encryption page.
STOP tags are physical theft-deterrent tags for laptops and tablets. They are registered to you and deter theft by being extremely difficult to remove. If forced off, they will leave a “tattoo” on the device which reads “stolen property.” IS&T, in conjunction with the MIT Police, tags your laptops and tablets free of charge. Learn more about laptop tagging in the KB. It’s also a good idea to get a cable and lock for your device. Read more here about property loss and recovery.
With your computer tricked out with all these security features, you’ll be well protected from data loss or corruption. It’s a good idea to implement these security protocols before you arrive on campus, since MIT is a target for hackers, phishing schemes, and thieves. Better safe than sorry! Look out for more blog posts to help you and other incoming freshmen get ready for MIT and feel free to contact IS&T’s Service Desk with any computing questions.