Compromised Credentials

Decorative image with a lock

A credential dump is a list of email addresses and other information sometimes including passwords that are published or sold online. When you read coverage on the news about the data breach of a big company like LinkedIn or Dropbox there is often a subsequent credential dump being leaked.  More often, however, credential dumps take the form of lists that come from numerous smaller data breaches from many compromised websites over the course of several years.

These lists are commonly exploited because of insecure password practices.  According to a 2018 study, 59% of users mostly or always use the same password or variation of the same password across multiple online accounts; 62% of users use the same passwords between work and personal accounts; only 55% of users update their password after news of a site or service leaking their credentials; and 61% of users claim “fear of forgetting” as the primary reason for reusing passwords.  Hackers rely on practices like these to gain access to seemingly unrelated accounts after credentials are leaked.

What about my Simmons account?
Simmons Technology receives regular updates from information security sources that will notify us when our users’ credentials are potentially leaked and our Service Desk staff is ready to assist with account compromise and password reset procedures. Additionally, we require the use of SharkPass for our web applications which adds an additional layer of security to your login.

What else can I do?
Luckily, there are a few resources available to reduce the impact of credential dumps:

  • Check your accounts!  Have I Been Pwned is a web service that allows you to search across multiple credential dumps to see if your email address has potentially been compromised.
  • Stop reusing passwords across different websites and services.  LastPass is a password manager and password generator that stores and encrypts passwords for different websites.
  • Change your passwords.  For your Simmons account, visit preferences.simmons.edu and reset your password from time-to-time. Remember to choose strong passwords of at least 8 characters including both letters and numbers, and at least one non-alphanumeric character (e.g. “$1MmonsC0l1eg3”).
  • Enable two-factor authentication, like Sharkpass, on where available on external accounts.  Two Factor Auth (2FA) provides a good list of sites and services that support it.

Questions or concerns about Information Security?
Contact Richard Phung, Information Security Analyst.

Introducing: Zoom

Zoom logo

Simmons Technology is excited to announce Zoom – our new web conferencing solution to replace GoToMeeting. Zoom services will begin later this month, with the official switch from GoToMeeting taking place on May 31st.

Why are we switching to Zoom? As general best practice, the Simmons Technology Business Solutions Office evaluates campus wide technology services every three years. Seven months ago, we began the evaluation process of GoToMeeting. We distributed an RFP to five vendors and have narrowed down the finalists to Zoom and GoToMeeting. We concluded that Zoom offers more control over meetings that could maximize the remote learning experience. These features include:

  • Simpler intuitive user interface
  • Greater screen and webcam sharing capacity
  • Virtual breakout rooms
  • Virtual waiting room
  • Delegated scheduling privileges
  • More control over cloud recording/sharing
  • Seamless Simmons Moodle integration

To learn more about Zoom, we will be holding two information sessions:

  • May 7th 12:30pm – 1:30pm in Kotzen (L001) 
  • May 8th 11:30am – 12:30pm in C103

If you are interested in receiving personal assistance with Zoom, we will be having drop-in sessions during the following dates:

  • May 6th – May 10th, 3pm – 5pm in L330

Additionally, Zoom offers excellent free online resources about its features and services:

Questions or concerns about Zoom? Contact Ken Chan, Business Solutions Analyst.

Do You Know About Twinning?

The phone Twinning features of the Simmons phone system allow your desk phone calls to also ring on your cell phone or home phone. It’s a useful feature for employees who work remotely and need to make calls. Because the feature works with your desk phone, you’ll never have to give out your personal phone number while remote.

Twinning Directions:

Note: to initially set up twinning you MUST contact the Service Desk. Make sure to include your extension and the number you would like twinned.

To turn twinning on:
From the remote phone that you have set to be twinned, dial (617) 521-3997. When you hear a tone, twinning has been enabled.

To turn twinning off:
From the remote phone that you have set to be twinned, dial (617) 521-3998. When you hear a tone, twinning has been disabled.

For more information on Twinning, please contact the Service Desk at 617.521.2222 or servicedesk@simmons.edu.