Please see the recommendations offered by IS&T.
We currently have a number of 27-inch iMacs which, although unable to make use of the latest Mac OS, can run Monterey and also be configured to run Windows. These machines are available for MIT Architecture students to use remotely, free-of-charge, for a predetermined period of time. The computer specs are here: https://support.apple.com/kb/SP731. If you are interested in one of these machines, please e-mail stoa@mit.edu.
STOA recommends using Code42 to all MIT students, faculty, and staff affiliated with the department. This is an automated solution that allows the user the flexibility to select individual folders or the default backup set, and then stores copies of those folders off-site, where they can be managed and retrieved as needed.
This is a superior method to manually copy and pasting files and folders to an external hard drive or public cloud (e.g. OneDrive, Dropbox).
As a supplementary method of backing up your data, be sure to:
In addition to Code42, there is other software that will run incremental backups to local media (e.g. an external hard drive or backup drive), and those that run incremental backups to network volumes or cloud storage. An example of the former is Apple's free 'Time Machine' backup software which comes with OS X, while the latter applies to the OneDrive or Google Drive applications.
We strongly recommend the use of Code42 for all MIT related work. For installation, please see here: http://ist.mit.edu/crashplan
A note on Virtual Machines: Should you be using Virtual Machines (VMs) on your computer, then be sure to *exclude* them from backups. Our recommendation is to store all VMs in ~/Virtual Machines (where '~' denotes your home directory), and then configure your backup client to exclude the entire 'Virtual Machines' directory. Please consult your backup documentation for details or drop by cron.
At the moment, there are no separate email domains that STOA oversees, so the following applies for all @mit.edu email addresses. For more information, see the IS&T knowledge base's Exchange article here.
STOA officially supports the Outlook mail software, as well as the in-browser counterpart at owa.mit.edu. Apple Mail is supported on a best-effort basis.
Please see below for answers to commonly asked questions related to email.
Yes, however you must use your MIT email address when writing to most MIT email lists, all ARCH email lists, and as your response to most forms at MIT. Please keep in mind that your alternate email may be caught in spam filters, and that there may be privacy concerns to consider when using non-MIT email.
Instructions for email forwarding can be found here.
Outlook is recommended by both STOA and IS&T for the best experience with your MIT Email. You may also use the Outlook Web Access client here.
STOA does not recommend the use of Apple Mail, Thunderbird, or other 3rd party mail clients.
You can check this by going to https://owa.mit.edu, logging in, then hovering your mouse over your name as appears on left hand side of screen above your mailbox list.
30MB. For more information, please see IS&T's knowledge base article Q: What is the attachment size limit on MIT's email system?. Should you need to send an attachment larger than 30 MB, it is best practice to use a Dropbox or OneDrive link instead.
These tips should keep your email quota under control.
Web certificates allow for trusted and secure connections with certain web sites at MIT. For example, WebSIS (the MIT Student Information System) is only accessible to those with MIT Site Certificates and Personal Certificates installed in their web browsers. Please note that you cannot get web certificates without first obtaining your Kerberos ID.
Web certificates are tied to particular web browsers. So if you were, for example, to use Safari, Firefox, or Opera web browsers on your Macintosh, you would need install certificates for each of these browsers. STOA strongly recommends using CertAid to configure your certificates for Chome, Internet Explorer, Edge, and Safari. For Firefox, please click here.
For all other browsers, please use the Get an MIT Certificate page. To test your certificates, please click here.
Personal certificates expire every year on July 31st. When renewing certificates, please be sure to delete your old (expired) certificates.
This section covers operating system upgrades for both Mac and Windows workstations. We recommend performing the maintenance described in this section at the beginning of every term.
For optimum performance, the operating system and installed applications should be kept up to date. If your Mac is running a version of macOS more than one generation behind, please upgrade now following the macOS Upgrade instructions below:
macOS Upgrade
Be sure your computer is running the latest macOS release with ALL of the latest patches (Monterey). If it is not, follow steps below:
Malware Protection
IS&T provides Sophos to all faculty, staff and students. You may also want to run Crowdstrike along side Sophos to maximize your protection.
For optimum performance, the operating system and installed applications should be kept up to date. Windows Update should manage this automatically, but be sure to restart your computer when prompted.
Windows 10 Upgrade
While a new Windows installation will make sure your computer is in good condition, those with any version of Windows should make sure they are in good health by doing the following:
Make sure your password is difficult to guess by both a computer and a human. IS&T has guidance on password complexity requirements here.
Do not share your password with anyone. If your password is compromised, STOA advises changing it immediately to prevent unintended consequences. STOA will never ask you for your password, nor will IS&T or our IT Partners in the wider SA&P and MIT community.
If you would like to change your password, you can find more information on how to do so here.
If you are on a Windows machine that is not connected to MITNet, and you log into either athena.mit.edu or win.mit.edu, please follow the instructions from IS&T here.
Password vault programs allow you to generate and hold on to more complicated passwords for your accounts. Some free example programs are:
LastPass (licensed to MIT Community members)
If you have multiple people using your computer, please create a separate account for each user, with unique credentials for each.
Two-factor authentication (2FA) is a security mechanism that is becoming more available in many platforms and cloud-based services. STOA recommends using 2FA wherever it is available, to add an additional layer of non password-based security. MIT enforces two-factor authentication for most of its services, including Touchstone, through DUO.
All MIT users should register for DUO here: https://duo.mit.edu.
Whole disk encryption ensures that no one except for you will be able to access to your files should you device be stolen (and if they cannot guess your password). Without disk encryption, it is trivial for someone to gain access to all your files even without knowing your password. Furthermore, hard disk encryption on the Macintosh allows one to 'remote' wipe' the entire contents of the drive should the need arise.
STOA recommends you enable FileVault on your Mac. For Windows, we recommend Windows' built-in BitLocker. eCryptfs, included in most Linux distributions, can encrypt individual home directories.
All modern operating systems have automated update systems. STOA advises staying as up to date as possible on your machine, and taking the steps to ensure that you are running the latest security updates at an absolute minimum.
STOA recommends the use of Sophos on both macOS and Windows platforms, and this is provided free of charge to the MIT Community. We also recommend you augment your antivirus with endpoint protection on all MIT owned machines. Crowdstrike Falcon is the current offering from IS&T.
Be careful when clicking on links in suspicious emails and on unfamiliar websites. We also browsers like Chrome, Safari, Firefox, and Edge. On all operating systems, make sure you're up to date with all of the security updates for whichever web browser you choose.
Do not enter your administrative password unless you have specifically launched an application that requires it.
Most modern mobile devices have the ability to set a strong password, passphrase, gesture, or passcode, and STOA strongly recommends using these features to prevent danger to your personal data.
Many modern mobile devices have a remote wipe capability. If the device is on and connected, you can reach it through a website or computer application to erase it completely.
When at MIT, always connect to the MIT Secure wifi network instead of MIT, and make sure you have valid certificates on your device.
For assistance with securing your mobile device, please click here.
Locks can be purchased at many places where computer equipment is sold, and these are strongly recommended.
Doors are only as secure as the last person who entered or exited. The studios and computing clusters are extremely low security, and may be targeted by thieves. STOA strongly advises that you never leave your laptop, devices, or personal items unattended in a studio or publically acccessible space.
If you have a private office, it is recommended that you lock the door and secure any portable equipment in a cabinet when you are not in the space.
STOP tag registrations are offered approximately once per month by MIT Campus Police. While primarily a deterrent, this particular system has a good record of equipment recovery. Please be aware that it doesn't protect against data theft if a computer is stolen, and this is not something that can be tracked remotely.
Apple's iCloud features a Find My Mac program, which runs silently in the background and can be used to locate a stolen MacBook, iPhone, or iPad. You can also remote lock and remote wipe the device if lost. If you've just misplaced your iPhone, you can cause it to make noises until you finally locate it behind the sofa, even if it's on vibrate mode.