Category Archives: TechNews

Important Sharkpass/Duo Changes

Icon of No PhoneSimmons uses SharkPass to provide an additional layer of security for our Simmons login. In recent years, SMS passcodes, Duo Mobile Passcodes, and Telephone voice call verification have become avenues for scammers to steal login credentials.

On July 11, 2022, Technology will disable the use of SMS passcodes, Duo Mobile passcodes, and telephone voice calls as authentication methods for SharkPass.  Users authenticating using their Simmons Account credentials after this date must use a Duo Push to their mobile device, or an approved security token.

The Duo Push is the preferred authentication method for Sharkpass/Duo as it offers an easy-to-use and seamless experience for the community in addition to increased security.

To avoid any potential service disruptions, be sure to enroll and begin to use your Duo Push-enabled smartphone or mobile device to be used with SharkPass. Instructions may be found at the SharkPass Information website.

What if I don’t have a cell phone or mobile device?

If you do not have a cell phone that is compatible with the Duo Push, you may be eligible for a free two-step verification hardware token. Please contact the Service Desk, at 617-521-2222.

These changes are a part of Simmons’ continual efforts to make our systems more secure.  Please be on the lookout for future communications describing improvements to this service.

On-the-Ground UG Courses Move to Moodle

Beginning with the upcoming Summer semester, on-the-ground Undergraduate courses will transition back to Simmons Moodle Learning Management System from the Digital Campus supported by 2U that was utilized during the past two years.  Courses will be made available by faculty just prior to the first meeting of the class.  

Students may contact instructors about accessing courses in Moodle.  Additional information about navigating the platform is available at Moodle for Students.  For technical difficulties or issues accessing your account, please contact the Simmons Technology Service Desk.

Password Reset

Icon for Password ResetSimmons Technology is requiring a mandatory password change for all members of the community.  Regularly changing your password is a necessary step toward keeping Simmons and your personal information secure. 

When you update your password, you will also be required to review and acknowledge our Information Security Policy and Acceptable Use Policy.

You can find instructions for changing your password on the Service Desk website.

Please reset your password by July 11, 2022  to avoid any disruption accessing your Simmons account.  Please contact the Technology Service Desk for more information or assistance.

Icons made by Freepik from www.flaticon.com

Ongoing Security Concerns

Many institutions of higher learning are falling prey to an increasing number of phishing attacks.  Simmons is no exception.  Phishing attacks have soared 220%1 since the beginning of the pandemic.  Despite our active monitoring efforts and alerts to the community, too many of us still fall victim.  Breaches of Simmons login credentials this month have resulted in compromised computers used to send even more phishing messages and most recently unlawful access to Workday where banking information was exposed and in one case changed.  Giving up your password to a phishing site has serious consequences.

1https://www.f5.com/company/news/features/phishing-attacks-soar-220–during-covid-19-peak-as-cybercriminal

Sharkpass/DUO Do’s and Don’t

While Sharkpass/DUO gives us an edge against cybercriminals, it is not foolproof.  Imposter login websites often include a false DUO page and ask for you to input a code from your DUO mobile app.  Doing so gives up your account to thieves who then have access to your personal information and the ability to direct your paychecks or refunds away from your bank account.  Simmons Sharkpass/DUO page will also only begin with “idp.simmons.edu.”

What else you should and shouldn’t do

  • Change your password regularly.
  • Report phishing messages you receive in the Gmail menu with “Report Phishing”
  • Don’t forward phishing messages to anyone. Friends and colleagues can fall victim too.
  • Consider using Gmail’s mobile apps on iPhone and Android instead of the provided mail apps.  Gmail’s app presents warnings about suspicious messages and allows you to report phishing messages.
  • Don’t click on links or download attachments from messages you are not expecting.

Remember, real Simmons sites start with idp.simmons.edu!”

What we’ll be doing

Simmons Technology continues to review recent incidents and take actions that make our infrastructure safer and less appealing to cybercriminals but there isn’t much we can do if you give away your credentials online.  In an effort to make our login process more secure, we will be doing the following in the near future:

  • Removing DUO mobile passcode, phone callback, and SMS passcode features from Sharkpass/DUO.  Logging in will require utilizing a “Push” to your mobile device.  
  • For those unable to use the DUO Push notification on their mobile app, hardware tokens and security keys will be made available.
  • Implementing a mandatory password reset for the community.  

We realize these measures will cause a small change in the way some of us work and utilize Simmons resources.  We are confident that after a brief adjustment, all will be able to adapt and aid in helping create a safer online environment.  Please stay tuned for more information about these upcoming information security changes.  And please reach out to me or the Technology Service Desk ([email protected] or 617-521-2222) with any questions or concerns.

Thank you,

David Bruce
Vice President, CIO
Simmons University

October is CyberSecurity Awareness Month

Do Your Part. #BeCyberSmart.

Cybersecurity & Infrastructure Security Agency LogoPhishing and social engineering campaigns are the #1 source of ransomware and other malware1. Reduce your chances of your falling victim to phishing attacks!

  • Update your passwords. Consider using the longest password possible. Be creative and customize your passwords for different websites. Use a password manager to keep track of them.
  • Enable two-factor authentication on your accounts where available.
  • Limit the information you post on social media. Cybercriminals use public information to know you better, so be sure to keep personal information safe from strangers.
  • Keep track of your apps. Make sure your apps are up-to-date and check your app permissions.
  • Update your computer and mobile devices.
  • Make sure your antivirus is up-to-date and running.
  • Stay protected while connected. Only connect to legitimate wireless hotspots. Avoid sensitive activities on public networks and only use sites that begin with “https://” when shopping or banking online.
  • If an email looks suspicious, do not respond and do not click on any links or attachments. When available, “Report phishing” to block other suspicious emails.

[1] 2021 Verizon Data Breach Investigations Report (DBIR)

Sharkpass Duo Mobile App Update

Screenshot of Updated Duo MobileBeginning in October, Duo Security — the technology behind Simmons Sharkpass — will be updating their mobile application on Apple iOS and Android platforms.  The redesigned application, which will be released through the Apple App Store and Google Play Store, will be delivered if you have automatic updates enabled on your device.  The new version’s improvements include:

  • Updating the position of the Approve / Deny buttons so that Approve is on the right, a more natural location.
  • Improving the accessibility of the app, including adding a landscape view, variable font sizes, and improved color contrast.
  • Providing clear guidance on restoring your accounts if you get a new phone.
  • Making it easier to find and manage your accounts with a simpler interface.

The new version will contain all the functionality of the current one.  All of your protected accounts will be automatically present in Duo Mobile after the update. You will not need to re-add anything. In addition, all of your existing settings, such as for Duo Restore for third-party accounts like Instagram or Facebook, will also carry over automatically.

Duo can also be used to secure access to other online accounts and services such as Twitter, Facebook, and Amazon.com.  Check out Duo’s Guide to Two-Factor Authentication.