MIT

Personal Computing

Security Recommendations

Passwords

  • Make sure your password is difficult to guess by both a computer and a human. IS&T has guidance on password complexity requirements here.
  • Do not share your password with anyone.  If your password is compromised, STOA advises changing it immediately to prevent unintended consequences.  STOA will never ask you for your password, nor will IS&T or our IT Partners in the wider SA&P and MIT community.  
  • If you would like to change your password, you can find more information on how to do so here.
    • If you are on a Windows machine that is not connected to MITNet, and you log into either athena.mit.edu or win.mit.edu, please follow the instructions from IS&T here.  
  • Password vault programs allow you to generate and hold on to more complicated passwords for your accounts. Some free example programs are:
  • If you have multiple people using your computer, please create a separate account for each user, with unique credentials for each.

DUO (Two-Factor Authentication)

Two-factor authentication (2FA) is a security mechanism that is becoming more widely available on many platforms and cloud-based services. STOA recommends using 2FA wherever it is available, to add an additional layer of non-password-based security. MIT enforces two-factor authentication for most of its services, including Touchstone, through DUO.

All MIT users should register for DUO here: https://duo.mit.edu

Encryption

Whole disk encryption ensures that no one except you will be able to access your files should your device be stolen (as long as they cannot guess your password). Without disk encryption, it is trivial for someone to gain access to all your files even without knowing your password. Furthermore, hard disk encryption on the Macintosh allows one to ‘remote wipe’ the entire contents of the drive should the need arise.

STOA recommends you enable FileVault on your Mac. For Windows, we recommend Windows’ built-in BitLocker. eCryptfs, included in most Linux distributions, can encrypt individual home directories. 

Antivirus/Malware Protection

  • All modern operating systems have automated update systems. STOA advises staying as up to date as possible on your machine, and taking the steps to ensure that you are running the latest security updates at an absolute minimum.
  • STOA recommends the use of Sophos on both macOS and Windows platforms, and this is provided free of charge to the MIT Community. We also recommend you augment your antivirus with endpoint protection on all MIT-owned machines. CrowdStrike Falcon is the current offering from IS&T.
  • Be careful when clicking on links in suspicious emails and on unfamiliar websites. We also recommend browsers like Chrome, Safari, Firefox, and Edge. On all operating systems, make sure you’re up to date with all of the security updates for whichever web browser you choose.
  • Do not enter your administrative password unless you have specifically launched an application that requires it.

Mobile Devices

  • Most modern mobile devices have the ability to set a strong password, passphrase, gesture, or passcode, and STOA strongly recommends using these features to protect your personal data.
  • Many modern mobile devices have a remote wipe capability. If the device is on and connected, you can reach it through a website or computer application to erase it completely.
  • When at MIT, always connect to the MIT Secure Wi-Fi network instead of the MIT network, and make sure you have valid certificates on your device.
  • For assistance with securing your mobile device, please click here.

Physical Security

  • Locks can be purchased at many places where computer equipment is sold, and these are strongly recommended.
  • Doors are only as secure as the last person who entered or exited. The studios and computing clusters are extremely low security, and may be targeted by thieves. STOA strongly advises that you never leave your laptop, devices, or personal items unattended in a studio or publicly accessible space.
  • If you have a private office, it is recommended that you lock the door and secure any portable equipment in a cabinet when you are not in the space.
  • STOP tag registrations are offered approximately once per month by MIT Campus Police. While primarily a deterrent, this particular system has a good record of equipment recovery.  Please be aware that it doesn’t protect against data theft if a computer is stolen, and this is not something that can be tracked remotely.
  • Apple’s iCloud features a Find My Mac program, which runs silently in the background and can be used to locate a stolen MacBook, iPhone, or iPad. You can also remote lock and remote wipe the device if lost. If you’ve just misplaced your iPhone, you can cause it to make noises until you finally locate it behind the sofa, even if it’s on vibrate mode.