Retired Faculty and Staff Association



Technology

This page is intended to cover the most pressing questions asked by RFSA members.

What's New

Duo Authentication

Our dual authentication system (Duo) was updated on February 19, 2024 and you should have received at least one e-mail regarding the upgrade.  It is necessary to use dual when accessing any technology resource on the campus. It is more secure, and in my experience, easier to use. If you encounter a problem using dual, support information is provided at the following website or you can call the ITS help desk at (805)756-7000.

https://calpoly.atlassian.net/wiki/spaces/CPKB/pages/2425367/Multi-Factor+Authentication+Duo

Cal Poly ITS Resources & support

Computer technology is a major element in most of our lives. RFSA believes that you should be aware of all the Cal Poly resources available to retirees and important security and privacy issues related to technology and we provide it in the following categories. If there is a topic that you would like addressed on this website, please let me know. Also, I will be happy to answer any individual questions you might have. If you do wish to contact me, please send me an email: jgrimes@calpoly.edu or give me a call at 805-540-0678.

Email

Cal Poly RFSA list opt-in

Not getting Emails from RFSA? Email is the primary method RFSA uses to communicate with its members. We share updates regarding events and field trips, Cal Poly technology, and learning opportunities. Recently, we found that some retirees have accidentally unsubscribed for RFSA emails. Important note: For each email sent by Cal Poly, there is a choice of unsubscribing from that particular email list (i.e. department-specific emails) or from all email sent by Cal Poly. If you'd like to subscribe (or re-subscribe) to RFSA email correspondence, click here to complete the short re-subscription form. It would be helpful when you are talking to retiree friends, that you let them know about this possibility, especially if they have accidentally unsubscribed from our email list.

Cal Poly Email employee list opt-in

Retirees do not receive all of the Cal Poly emails sent by the President's office, Provost's office, etc. Some of you are volunteering or are otherwise connected to the university in some capacity or interest and would like to receive a more complete set of emails. You now have the opportunity to opt in and receive this more extensive set of emails. The instructions for doing so are provided below.

How To Subscribe and Unsubscribe to the rfsa-staff-email-opt- in@calpoly.edu email list:

To Subscribe*:

  • 1. Log into your Cal Poly email account
  • 2. Send an email message To:sympa@calpoly.edu.
  • 3. In the subject line of your message, type in: subscribe rfsa-staff-email-opt-in
  • 4. No need to add any message in the body of the email. If this is successful then you will receive an affirmative message from sympa@calpoly.edu.

To Unsubscribe*:

  • 1. Log into your Cal Poly email account
  • 2. Send an email message To: sympa@calpoly.edu.
  • 3. In the subject line of your message, type in: signoff rfsa-staff-email-opt-in
  • 4. No need to add any message in the body of the email

Email Forwarding

If you have a personal e-mail account such as jmustang@gmail.com, you may forward your Cal Poly e-mail to that personal e-mail account. The process for doing this may be found at the Cal Poly ITS website: https://calpoly.atlassian.net/wiki/spaces/CPKB/pages/2424922/Forward +My+Cal+Poly+Email+to+a+Different+Email. I have not forwarded my e-mail because there is no guarantee the transfers will always be successful and there are security issues. If you do this, you will have to continue to update your Cal Poly password yearly. However, you will be able to interact with all your Cal Poly e-mail on your personal e-mail account.

Application Support

Microsoft Office Licenses

You may have received an email that your desktop license for Microsoft Office will be terminated. However, it is possible for you to have it reinstated if you are volunteering with Cal Poly, involved in research, developing a publication that will be associated with Cal Poly, or doing something related to Cal Poly that requires the use of the software.
Visit bit.ly/rfsa-tech-update for step-by-step instructions to request reinstatement.
Retirees will continue to have access to the Internet version of Microsoft Office via the Cal Poly Portal. To access the Internet version of Microsoft Office, once you are logged into the portal, select Email & Calendar on the left sidebar. Microsoft application icons will appear on the left side of your screen, and then click the one you want to use

Zoom

If your access to Zoom has been discontinued, you are eligible for the license if you volunteer to do something for Cal Poly that a manager feels is valuable to the department and that person should request the license for you through the Help Desk.

OneDrive

OneDrive is a resource similar to “Google Drive” where you may store documents and access them anywhere. It is available on the Cal Poly portal.

Digital Commons

The Digital Commons provided by the Kennedy Library contains articles, reports, chapters from books, and possibly other resources that were created by Cal Poly employees. These resources are available to all retirees who have access to the Cal Poly portal.

Computer Security

This section contains information about Computer Security along with suggestions on how to keep your data safe.

The Three Parts of the Internet

It is possible to think of the web as having three parts: the surface ("open") web, the deep web, and the dark web. Many people use the terms 'deep web' and 'dark web' interchangeably, but they are not the same.

The surface web maybe traversed using standard Internet browsers such as Chrome, Firefox, and Safari to access sites such as Amazon.com. The dark web is a subset of the deep web, and websites in these areas cannot be searched by the standard browsers. Initial developments of this hidden part of the web were done by the government to provide security at a time when illegal activities were not considered a problem. Today, it is believed that the major use of these areas is for such legal things as medical records, banking, and cloud-based email such as Gmail. Unfortunately, it is also used to sell information about individuals, guns, and house such things as hate sites. This has created a major headache for law enforcement agencies.

You may pay a company to do a sweep of the Web to see if your information has been compromised. However, you can check, without charge, to see if your phone number or email address has been compromised by using the website https://haveibeenpwned.com/. However, it will not find information stored on the dark web because of the way that information is stored.

The following is an alert that someone I know got when they checked this website.

In approximately December 2018, the digital mall Wanelo suffered a data breach. The data was later placed up for sale on a dark web marketplace along with a collection of other data breaches in April 2019. A total of 23 million unique email addresses were included in the breach alongside passwords stored as either MD5 or bcrypt hashes. After the initial HIBP load, further data containing names, shipping addresses and IP addresses were also provided to HIBP, albeit without direct association to the email addresses and passwords. The data was provided to HIBP by a source who requested it be attributed to "JimScott.Sec@protonmail.com".

Compromised data: Email addresses, IP addresses, Names, Passwords, Physical addresses

Explanation. For this person, I believe they were using Etsy and a seller under Etsy was using the tool Wanelo. In this case, the person should change their password on Etsy. The Internet service provider, Spectrum, for this person protects the IP address. Unless the person moves, their name and physical address can’t be changed. As noted above, this check may not reveal all the compromised data for the person, because the dark web portion cannot be checked.

Although I would personally never recommend it because of the dangers that exist out there, you may navigate on that part of the web using a special router, such as the most popular one called Tor which stands for The Onion Router.

VPN

A virtual private network (VPN) will provide security for everything that you do on the network. Many companies require their employees to use one in order to better protect their intellectual property. Other than access to the Cal Poly portal, Cal Poly requires us to use their VPN to access work on computers on the campus. If I (Joe) want privacy when I’m using the web, I use their VPN because when I turn it on, it will be used when I go to any website. There are numerous free and use-for-a-cost versions of VPN available, but I (Joe) don’t want to recommend one.

Keep Your Software Updated

To maintain good security on your technology devices, you should keep all software current by installing updates. Many updates provide fixes of security problems that existed in the previous version of the software. The following are some devices that have software that should be updated regularly. It is best to keep all software up-to-date, but it is most important to keep your device’s operating system and browsers current. It is recommended that you enable the receipt of software update notifications so you will receive notification of updates when they become available. Also, it is recommended that after the installation you check to be sure the update was actually installed when you tried to do it.

Antivirus Software

There are several ways to provide antivirus software security for your technology devices. These are some of the possibilities, but others are available.

Protecting Your Passwords

Password Managers:

LastPass is a password manager that is available to emeritus retirees with two possibilities depending on the circumstances surrounding its use.

1. The enterprise version of LastPass (available to employees) should only be used by people actively working for the University who have a need to share secrets, like credentials for department accounts, procurement websites, etc. with others at the University. This version will provide password management of University, as well as personal-use passwords. If you are involved with the University in such a way, we will be happy to request an enterprise version for you.

2. The personal-use version is available to all emeritus retirees, and you can access information about it and resources to implement it on your computers. If a retiree is an emeritus with a Cal Poly email address, they may sign up for a free LastPass Premium account since the only qualification to get it is a valid Cal Poly email address.

There are caveats to this.

  • It is not supported by Cal Poly ITS or RFSA. This is only supported by LastPass support. If you have difficulties using it, we can't do anything to help.
  • You cannot use your Cal Poly email address for the actual LastPass account, it has to be another email address, e.g. a Gmail address. People get confused about this point.
  • It will need to be renewed annually and the renewal doesn't always work smoothly. If you encounter this problem, you would need to go to LastPass for support.
  • Cal Poly could go a different direction at some point for password management which would end the free benefit. People can continue with LastPass by either using the free version (limited to mobile OR browser, not both) or pay for Premium. There would be no guarantee of licensing available with whatever replaced it at Cal Poly.
  • As noted above, this is not available to retirees who do not have emeritus status. If you wish to sign up for this version, go to: https://lastpass.com/partnerpremium/calpoly.

Other Password Managers:

  • Apple: iCloud Keychain. Initially, this was only available for Safari on an Apple product, but we understand it is now available for Windows with a Chrome extension. You have to be on iCloud in order to use this. The following website provides information about how to set up this password manager. https://support.apple.com/en-us/HT204085
  • Apple, Windows, Android: 1password is another password manager that you may obtain for yourself individually or as a family. There is a charge for this product ($2.99 for an individual or $4.99 for a family of five) and the following is the website for it. https://1password.com/
  • 1password University contains a set of courses on security.
  • Do not share sensitive data (passwords, credit cards, etc.). There is NEVER a valid reason for anyone to ask you for your password.

Passphrases as passwords. The following website provides information about the two types of security and the trade-offs between the two methods. https://www.okta.com/identity-101/password-vs-passphrase/

    Protect Your Devices

    Secure your phone:

    • Use a 6-digit pin code for accessing your smart phone.
    • Use automatic backups in case something happens to your phone.
    • Remove applications from your phone that are not being used. Old applications may be illegally accessed to spy on the information stored on your phone.

    Protect Your Data

    Back up important material: For Apple and Windows computers and some devices you may use either iCloud or Microsoft OneDrive. The following are the websites for these resources information.

    Phishing/Spam/Scams/Cyber Ransom

    Watch out for phishing and other scams. The following are key warning signs that may be contained in the message you receive:

    • Urgency. For example, you may receive an email from what appears to be a friend asking you for immediate assistance. Most likely, it will not be their real email address and if you respond to it, they will ask you to buy something like $500 worth of bitcoins because they are in a meeting and need the bitcoins immediately. Some of these phishing emails are rather sophisticated and provide information about other people associated with you.
    • Consequence. For example, the phisher may claim that your email account will be deleted if you don’t act.
    • Trust/help. These messages often try to make it look like it’s a very trusting situation and that you are going to be a big help.

    Cyber Ransom

    Recently we have heard stories about cyber ransom attacks on big corporations using software called Ransomware. Ransomware is software that is malicious, or malware, that prevents users from accessing computer files, systems, or networks and the attacker demands a ransom. Ransomware attacks can cause disruptions and the unavailability of critical information and data.

    Major organizations such as Colonial Pipeline and JBS Foods have been in the headlines recently along with many other companies experiencing ransomware attacks. Hackers are taking advantage of security weaknesses and holding the companies hostage until they pay millions of dollars in ransom Although not heavily reported, it is known that hundreds of thousands of individuals have been attacked and required to pay ransom. THIS PROBLEM SHOULD BE A CONCERN OF OURS.

    Although it is extremely difficult for large corporations to protect their complicated computer systems and networks, we can reduce our risk to near zero by using good passwords, keeping our software up to date, avoiding risky websites, and most importantly keeping our computer systems backed up (save at least one copy of what is stored on your computer). My recommendation is that you back up your material on an external disk drive such as iCloud, as well as on the Internet. If we have our computers backed up and our computer is disabled in attack, either we or our computer support person can take our backup and restore our computer.

    If you have an interest in a topic, please send an email note to Joe Grimes at jgrimes@calpoly.edu .

    Website Security

    • SSL Trust. You can check the security of websites using SSL Trust at the website, https://www.ssltrust.com/ssl-tools/website-security-check. When asked for a domain name, enter the website name such as amazon.com. It will generate the following two reports.
    • SSL/TLS Report. This report will tell you whether it is reasonable to assume that you are safe in sending information such as credit card numbers, passwords, etc. to this website. If the report provides any issues, then it is probably not safe to send private information to that site.
    • Malware, Spam, Trust Report. If any positives are found, you can check what they mean but most likely you will not want to go to that particular website.
    • MFA. You may add extra protection using MFA with Authy resource found at the following websites.
    • This will allow you to implement multi-factor authentication like the one that is used for the portal at Cal Poly and some banks for websites when you want to have more secure access. https://authy.com/download/.
    • Set up a backup password: https://authy.com/features/backup/

    Domain Name Service

    On the Internet, Domain Name Service (DNS) translates a name that is easy to remember by a human being to a number that is associated with that name on the internet. For example, calpoly.edu is translated by DNS to a website number that is associated with it at that numeric location and will take you to that location when you are browsing. What this means is that every website has a numeric value associated with it and that is the only way that the location can be accessed. So, DNS translation makes it possible for us to access a location using an easy-to-remember name rather than a numeric number. • Windows:https://quad9.net/support/set-up-guides/windows • Mac:https://quad9.net/support/set-up-guides/mac-os You may add extra protection for DNS by adding the setting of 9.9.9.9 and optional 149.112.112.112 if your network is IPV4, or 2620:fe::fe and optional 2620:fe::9 if your network is IPV6. Most likely your network will be IPV4. If you enter the above numbers as indicated at the websites below for Windows or Mac, this protects you from accessing the overwhelming majority of malware, malicious domains, botnet infrastructure, and more. The above provides only directions for implementation. If you want further information about the details of this service, you may google “why should we use 9.9.9.9 as a DNS settings”. Your use of this service may prevent a ransomware attack, prevent your bank account from being compromised, or protect your laptop from being used as part of an illicit criminal attack on others.

    Computer Privacy

    Cookies

    Definition

    A cookie is a piece of data from a website that is stored within a web browser that the website can retrieve at a later time. Cookies are used to tell the server that users have returned to a particular website. When users return to a website, a cookie provides information and allows the site to display selected settings and targeted content.

    Purpose

    Cookies store information such as shopping cart contents, registration or login credentials, and user preferences. This is done so that when users revisit sites, any information that was provided in a previous session or any set preferences can be easily retrieved.

    Advertisers use cookies to track user activity across sites so they can better target ads. While this particular practice is usually offered to provide a more personalized user experience, some people also view this as a privacy concern.

    Cookies are intended to make your browsing experience better and to simplify what you do at a particular website.

    Generally, cookies intended to be good and don't create a security threat.

    However, if you are at a website that is suspicious, don't provide any information that you wouldn't want used inappropriately. Malicious websites use cookies to collect information about you. That is one reason why you don't want to go to that type of website.

    Privacy settings

    It is important to consider the importance of privacy of your information that you place on social websites such as Facebook, LinkedIn, Twitter, etc. It is important to consider what privacy you want in terms of information that you place on these sites and determine which other users will have access specific information. However, the application may collect information about whether you have limited privacy in terms of other users.

    Choosing a Browser

    Some browsers provide more privacy than others. The following are some browsers that provide greater privacy: Brave, DuckDuckGo, Firefox, and TOR.

    Related Content