Cybersecurity Awareness Month 2025

Week 1

Getting hacked sucks. Vampire teeth on red background

Getting Hacked Sucks

–  Enable multi-factor authentication when available to secure your accounts.

Multi-Factor Authentication

Expand the sections below to learn about multi-factor authentication.

Multi-Factor Authentication (MFA) is a security mechanism that provides an additional layer of protection by verifying digital users through at least two authentication factors. There are three common types of authentication factors:  

  • Something you know:  This refers to information known only to the user. For example: unique passwords, security questions, PIN codes.
  • Something you have:  This refers to something that the user owns. For example: a smartphone or a security token.
  • Something you are:  This factor refers to something that is exclusive to the user. For example: biometrics (e.g. fingerprint, facial scan).

Multi-factor authentication is the most effective way to protect your accounts. With multi-factor authentication, even if a password is compromised, a malicious actor would have to obtain an additional piece of information to gain access. When offered to “enable” or “turn on” MFA on your personal accounts such as Facebook, Amazon or Google, we strongly encourage you to do so. 

At LSU, MFA is offered for all applications behind Microsoft authentication such as Workday, LSU email, Teams, Box, and Zoom.

All users will need to configure two methods for MFA: one as a primary method and a secondary method to be used as a backup. It is recommended that MFA be configured on different devices to ensure that you do not lose access in the event that a device and/or phone number change.   

While multi-factor authentication is one of the best ways to secure your accounts, there have been instances where cybercriminals have gotten around multi-factor authentication by tricking users into approving a malicious sign-in attempt.

In a “MFA Fatigue Attack,” hackers that have stolen a user’s password may generate several MFA approval notifications or phone calls in a short period of time, hoping that the account owner approves one of the verification requests due to confusion or annoyance. Cybercriminals also can also use phishing messages and malicious “man-in-the-middle” websites to intercept a user’s sign on attempt and MFA approval, or the attackers may impersonate IT support and request your MFA code or instruct you to approve a specific login. In these cases, if the MFA request is approved or provided to the attacker, it can grant the cybercriminal access to the account. 

Therefore, if you are receiving multi-factor authentication log-in requests when you aren’t directly trying to log in, do not approve the requests!

Providing your password or MFA verification to another via a form, text message, or phone call puts your account at risk of compromise; this may lead to your account being temporarily suspended in the event your account is used to send malicious messages or exhibits other suspicious activity.

If the request is for your LSU account, you can submit a “Fraud Alert” via the MFA phone call or app notification, or you can contact the Service Desk at 225-578-3375 or by email at servicedesk@lsu.edu

If the MFA request is for a sign-in with another account, consult that service’s support for further information. 

In any case, if you receive an unexpected MFA approval prompt, change your password for the account ASAP to prevent further malicious sign-on attempts and MFA verification requests. Also, if you reuse the potentially compromised password, change it for any other account that uses it (this is why every password should be unique). 

Don’t let this deter you, though. Multi-factor authentication is typically very safe, and it is one of the best ways you can bolster the security of your data! 

Test your knowledge, get coordinates, scan codes, and be entered to win. Ready to play?

Take this week’s quiz!

 

Week 2

Man in yellow jacket holding balloon

It would be wise....

– to use a password manager to easily create unique and complex passwords.

Password Management

Expand the sections below to learn about password management.

We’ve gone from having just a couple of passwords to manage in the past, to managing upwards of 100 or more. If you’re like most people, you’re probably using the same password for most of your accounts—and that’s not safe.

If your one password gets stolen because of a breach, it can be used to gain access to all your accounts and your sensitive information.

Perhaps you do use unique passwords, but to keep track, you write them in a notebook or keep them on sticky notes. This leaves you vulnerable to prying eyes.  But there is no need to fret; password managers are easy to use and make a big difference.

Want to check to see if your passwords have been exposed? Check out our additional resources below.

The best way to manage unique passwords for the ever-increasing number of online accounts we own is through a password manager application. A password manager is software created to manage all your online credentials, like usernames and passwords. It stores them in a safe, encrypted database and generates new passwords when needed. When you need a password, you can get a hyper-strong suggestion that is automatically stored in the password manager with just a few clicks. Say goodbye to short, reused passwords, and hello to strong, unique passwords! 

Because the password manager stores all your passwords, you don’t need to memorize hundreds of passwords or keep that secret password paper in your drawer. Now, you only need to remember one to unlock your password vault in the manager app, so it makes things so much easier. 

Pro tip: because the password that unlocks your vault is the “key to the castle”, it is vital to ensure that this password is unique, long, and complex. See additional resources below for password best practices.

Password managers not only let you manage hundreds of unique passwords for your online accounts, but some of the services also offer other advantages as well. 

  • Saves time 
  • Works across all your devices and operating systems 
  • Protects your identity 
  • Notifies you of potential phishing websites
  • Alerts you when a password has potentially become compromised 
  • Most can be used along with multi-factor authentication for even more security

Even though password managers are the best way to keep your information safe, many people are afraid that storing all their passwords in one place means they are at risk if a hacker breaches your vault. 

Password managers today are safer than ever before, and they are much safer than using a physical notebook, storing passwords in a Notes app or reusing passwords that are easy to remember. However, password managers should not be considered risk-free due to ever-increasing technological advances. Try to choose a password manager that utilizes multi-factor authentication for an added layer of security. 

Compare your options and look for a quality password management system – you have a lot of choices! See additional resources below for best password managers of 2025.

Does a safer and easier method of logging into your accounts exist? Yes! Many websites now use a technology called passkeys, which is a secure way to sign in to your account without using a password. Most websites have not yet adopted this technology, which is why using a password manager is still recommended.

Want to know more about passkeys? Be sure to check out the passkey link in the additional resource section for more details!   

Test your knowledge, get coordinates, scan codes, and be entered to win. Ready to play?

Take this week’s quiz!