Information Security Tips


Networking and information technology allow us to improve our reach and efficiency, but with great power comes great responsibility. Cyber criminals often target large organizations like Stockton with phishing scams and social engineering. 2-Factor Authentication is currently the most powerful defense available against these attacks, and Stockton University is leveraging the Duo Security platform to enable easy and non-intrusive 2-Factor Authentication across secure services such as Banner and E-mail.

 

To begin, download the Duo Mobile app for your smartphone. Although the Duo Security platform has multiple ways to provide a second authentication factor, we recommend using the Duo Mobile app for iOS and Android for the best experience.

  • On your Android device, open the Google Play store and search for "Duo Mobile". It can also be found here.
  • Tap "install" to start the application installation.

  • On your Apple device, open the App Store and search for "Duo Mobile". It can also be found here.
  • Tap "get" to start the application installation.

 

After you've installed the Duo Mobile application on your phone, open a web browser on your computer, navigate to the Stockton goPortal at https://go.Stockton.edu, and log in to your account by clicking on "Login to goStockton Portal".

 

After entering your username and password, you will be prompted by Duo to enroll in 2-Factor Authentication. Click on the “Start Setup” button and choose the setup option “Mobile phone”.

A screenshot showing the initial setup button for Duo Security

 

Next, select the setup option “Mobile phone”.
 A screenshot showing the device selection options for Duo security

 

Enter the phone number of the device you’re enrolling in 2-Factor Authentication. Make sure to check the confirmation box that your phone number is correct.

A screenshot showing the phone number entry dialog for Duo security

 

Select a device type.

A screenshot showing the mobile phone type selection screen for Duo security

Depending on the device you’ll be using to enroll in 2-Factor Authentication, follow either the Android or iPhone instructions below. If you select “Other”, you’ll have the option of receiving either a phone call or a text message passcode to authenticate.

 

Android: Launch the Duo Mobile app, then tap on the “Add Account” button to open up your camera and scan the QR code on your computer screen.

iPhone: Launch the Duo Mobile app, accept the license agreement, then tap on the plus icon (+) button at the top-right of your phone screen to open up your camera. Scan the QR code on your computer screen to proceed.

A screenshot showing the QR code used to activate a Duo mobile Android installation

A screenshot showing the QR code used to activate a Duo mobile iPhone installation

 

If your scan was successful, you should see a green check mark appear over the QR code. Click Continue to proceed.

Choose an authentication method to proceed with logging in to your account. You may check the “Remember me for 30 days” box to remain authenticated with Duo for 30 days.

A screenshot showing the select authentication method menu in Duo security

If using “Send me a Push”, Duo will create a notification on your phone when you attempt to log into a secure service.

A screenshot showing a push notification for Duo Mobile

Tap the green button to approve your login attempt.

A screenshot showing a login request with an approve and deny button in the Duo Mobile app

If you experience any issues enrolling with Duo 2-Factor Authentication, contact the IT Services Help Desk at 609-652-4309.

 

If you do not wish to install the Duo mobile app on your smartphone, there are alternative options:

  1. Text message (SMS): A text message with a one-time use code is sent to your phone.
     A screenshot of the Duo "text message" option

  2. Voice call: A call will be made to the number on file. Press 1 to accept, press # to report a fraudulent authentication attempt.
     A screenshot of the Duo "voice call" option

If you previously enrolled your phone with the Duo app and would prefer to use only the voice/text options, simply uninstall the app from your device and choose the desired option (SMS or voice) next time you’re prompted for a second factor. 

 

Phishing is any attempt to disguise electronic communications with the intent to defraud and acquire information such as usernames, passwords, or credit card details. As computer networks become hardened against online attacks, social engineering has become a more potent vector and an attractive target for criminals. Stockton University takes network security seriously and asks that you notify staff of any phishing attempts you receive.

What to do to avoid being a Victim

Stockton Employees

  • Be aware of suspicious messages. You can be the most powerful weapon against spam and phishing.
  • Keep your computer's operating system and antivirus up to date.
  • Stockton employees, block spammers and phishers:
      • In Outlook (client version), right click on the suspicious email, select Junk and click on Block Sender.
      • In Outlook Web App (web version), right click on the email and click on Mark as Junk.

If you have received a message directing you to reply with or otherwise enter personally identifiable information online, please report the message as a phishing attempt by forwarding the message to phishing@stockton.edu, which reports the phishing solicitation to the Information Security team.

 

A screenshot depicting the "Mark as Phishing" button in Outlook Web.



Stockton Students

 

We all play a critical role in keeping institutional data secure, and to aid in this task, we ask that you take a skeptical approach to any solicitations that seem suspicious. Stockton University's Information Technology Services will never ask you to disclose your password (via email or otherwise).

If you suspect that you’re being targeted, please notify information.security@stockton.edu via email or by calling (609) 652-4779. 

Additionally, if you feel unsure about an email message sent from a member within the Stockton community, please reach out to them or their unit directly for clarification (before clicking on included links or opening suspicious attachments).

While Stockton and our vendors employ strong security measures to safeguard your data, the main line of defense is a secure password – any level of encryption can be bypassed if a password is compromised through subterfuge, sharing, or simplicity.

 

Keep your password secure.

Never tell someone else your password. Stockton University feels so strongly about this aspect of password protection that it is specifically stated in the acceptable use policy in Standard 2.  Use unique passwords for individual accounts. Do not reuse the same password, or variations of the same password. Additionally, you should use a password manager. These tools can store - and generate - strong, long, and unique passwords for you. Taking these steps greatly reduces the risk of unauthorized access and helps ensure your personal and institutional data stay secure.

Avoid password pitfalls

Don’t choose a password that uses personal information that someone could easily find out about you. This includes information such as:

  • Your name, username, or nickname
  • Names or nicknames of friends, relatives, pets, or locations that are special to you
  • Numerical data about you such as birth date, social security number, license plate number, phone number, address, or zip code
  • Technical terms or names of prominent individuals in your field of expertise

Don’t choose a password that others might also choose. You should avoid:

  • Names of famous people such as sports figures, literary characters, mythological figures, biblical figures, actors, or political figures
  • Any commercial brand names
  • Names of cartoon characters or science fiction characters

Choose a good password

A good password is one that is easy to remember but hard to guess, and the best way to achieve this under our updated 12–64 character requirement is to use a long passphrase. Instead of short or complex strings, you can create a strong passphrase by combining several unrelated real words. A passphrase like "window-carpet-north-pebble" is simple to recall yet extremely resistant to guessing attacks. You can also build a memorable phrase that mixes in numbers or symbols where appropriate, as long as the overall length remains high. The key is to focus on long, unique, and unpredictable combinations that you can remember without relying on personal information.
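The passphrase advice above can be expressed as a short Python sketch. This is an added example, not a Stockton tool: the word list is a constructed sample, and the function names and the personal-information check are assumptions made for illustration.

```python
import math
import secrets

MIN_LEN, MAX_LEN = 12, 64  # length requirement stated on this page

# Constructed sample list, for illustration only. A real generator needs a
# list of thousands of words so that each word adds meaningful entropy.
SAMPLE_WORDS = ["window", "carpet", "north", "pebble", "lantern", "orbit",
                "velvet", "harbor", "cactus", "ribbon", "tunnel", "maple",
                "quartz", "feather", "anchor", "saddle"]


def make_passphrase(words=SAMPLE_WORDS, count=4, sep="-"):
    """Join `count` words picked with a CSPRNG (secrets, not random)."""
    for _ in range(100):
        phrase = sep.join(secrets.choice(words) for _ in range(count))
        if MIN_LEN <= len(phrase) <= MAX_LEN:
            return phrase
    raise ValueError("word list cannot produce a 12-64 character phrase")


def entropy_bits(list_size, count):
    """Guessing entropy when every word is drawn uniformly at random."""
    return count * math.log2(list_size)


def check_password(candidate, personal_terms=()):
    """Return a list of problems; an empty list means none were found."""
    problems = []
    if not MIN_LEN <= len(candidate) <= MAX_LEN:
        problems.append("length must be 12-64 characters")
    folded = candidate.casefold()
    for term in personal_terms:
        # Ignore very short terms so that initials do not match everything.
        if len(term) >= 3 and term.casefold() in folded:
            problems.append(f"contains personal information: {term}")
    return problems


if __name__ == "__main__":
    print(make_passphrase())
    print(entropy_bits(len(SAMPLE_WORDS), 4), "bits from the 16-word sample")
    print(round(entropy_bits(7776, 4), 1), "bits from a 7776-word list")
```

The entropy figures show why the size of the word list matters as much as the number of words: four words from the 16-word sample give only 16 bits, while four words from a 7776-word list give about 51.7 bits.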

 To reset your GoStockton Portal password, you can complete the online Self-Service Password Reset form.

Traditionally, resetting a GoStockton Portal password necessitated a call to the IT Services Help Desk. Our new self-service form empowers individuals to reset their GoStockton Portal passwords even outside of normal Help Desk operating hours.

 

If you’ve forgotten your GoStockton Portal password, you can quickly and easily reset it by clicking on the “Forgot your username or password” link on the Portal login page.

 A screenshot of the GoStockton Portal login page, highlighting the "Forgot your username or password" link.

 

On the next page, enter your username, date of birth, and social security number to verify your identity. All transmitted information is encrypted, and any data entered into this form is not retained after the password reset is processed.

 

A screenshot of the GoStockton Portal password reset form. It indicates the three fields to fill in for identity verification - username, date of birth, and social security number.

 

Once your identity has been verified, enter and confirm your new password. Passwords should be between 12 and 64 characters long.

 

A screenshot of the GoStockton Portal password reset form. It indicates the two fields "new password" and "confirm password". 

After submitting your new password, you’ll receive a confirmation page. You can now log in to the GoStockton Portal and other web services. New passwords may take up to ten (10) minutes to synchronize to Stockton’s WiFi network. If you require assistance with resetting your GoStockton Portal password or accessing services with your GoStockton credentials, please contact the IT Services Help Desk at 609-652-4309 or stockton.edu/helpdesk.