Protect your username and password. ALWAYS. | Computer Security Incident Response Team

When you saw the headline, you probably thought, “Here we go again…the same tired advice about protecting your username and password, never sharing it with anyone, and on and on.”

Been there, done that. Even wore the T-shirt.

We know that we keep on reminding you of this, but it’s for your own safety. Over the past few months, we’ve heard of and investigated a number of instances where people had money stolen or their accounts compromised. Some were related to phishing attacks – whereby they clicked the link and entered their username and password. There were also a handful of instances where individuals actually shared their contact details with someone they thought they could trust.

Let’s be clear: once you get the keys to someone’s vault, the temptation is too great not to go looking to see what you can find. Whether it is to snoop through their email, use their WiFi, or even post messages on their social media accounts. Okay, maybe that seems extreme, but some people have done that. You think you’re giving someone your UCT details so that they can only use the WiFi on campus. They could then easily share that information with another friend who may use it to illegally download movies and series. They may share it with another friend who has mad tech skills and wants to see how far he can get in accessing the UCT network.

All this could be going down without you even knowing about it. Problem is, since it is your login details, you will be held responsible for all these actions. The bottom line is: you can get into serious trouble. So, avoid the drama and don’t take the risk. Life’s too short.

Rather, go the extra mile in securing your online accounts, using multi-factor authentication (MFA). This electronic authentication method requires you to log in using two different mechanisms. You first enter your password and then need to use another security method such as entering a one-time pin (OTP), or scanning your fingerprint.

This provides more security for your account because even though someone else may have access to your login details, they still require your mobile device to complete the next verification step.

UCT has rolled out MFA for staff members on Microsoft 365 applications (i.e. Teams and Outlook) and ServiceNow. Staff are only able to access these services once they have entered their UCT network password along with authenticating via an app on their smartphone (or a verification code sent via SMS).

This is similar to online banking, where you need to enter an OTP or use an authentication app in order to make payments.

The student rollout will be announced in due course.

That extra step can be what saves you from a cyberattack.

So, if your online accounts and services offer MFA, use it wherever possible to ensure that your information remains secure and cannot be accessed by unauthorised individuals.