Another tip in a series provided by the Offices of Information Security, Information Systems & Computing and Audit, Compliance & Privacy

To help secure your accounts, Penn and many other organizations have implemented two-step verification. Two-step verification adds an additional layer of security to your accounts. It works by adding something you have, such as your phone, to something you know, which is your username and password.

While two-step verification helps to keep your information secure, it can also be used by hackers to fool you into a compromise of your accounts. By being mindful of your accounts and how you use them, you can help prevent a compromise. 

Only approve push notifications when you have initiated them. If you have not entered your username and password directly onto a website, and you receive an unexpected push notification, do not approve it, and instead deny it. If you are inundated with push notifications you have not initiated, contact your local computing support immediately for assistance. Duo pushes that you have not initiated may indicate an active attempt to compromise your account.

For more information on two-step verification, visit https://upenn.edu/twostep.

--

For additional tips, see the One Step Ahead link on the Information Security website: https://www.isc.upenn.edu/security/news-alerts#One-Step-Ahead.