Loading...
Essential Tips
These apply no matter what kind of device you're using.
1. Use a modern browser, and keep it updated:
2. Always use the following browser extensions:
3. Disable Java and Flash in the browser unless you need it.
If you must use Java/Flash, try using one browser with them enabled for entertainment (music, movies, forums) and one without for high-security tasks (banking, shopping, email)
 
  • Slow down and be careful when an email contains:
    • An attachment
    • A link
    • Or a request for your information.
  • Verify independently when:
    • An Individual emails you: When someone seems out of character, get their info from an independent source, then call or text them asking if they sent you that email.
    • An Organization emails you: Verify their site address and contact info via a Google search or similar. Hover your cursor over the link in the email and see if it matches with the verified address.
    • If you can't verify the email, don't trust it!
  • Mark fraudulent emails as spam, or report them to abuse@utexas.edu so we can update our filters.
When coming up with a password, keep the following key values in mind:
  • Easy to remember
  • Long (16+ characters)
  • Uses different characters (lower/upper case, numbers, spaces, and other special characters)
  • Unique (no song lyrics, famous phrases, Wikipedia excerpts, etc.)
  • No personal information (no birthday, name, name of company, address, info from your blog or social media, etc.)
Seem daunting? It's easy if you do the following:
  • Use a passphrase rather than a password
  • Include a string of 3-4 numbers and special characters
  • Consider including a word that's slang, jargon, or from a foreign language
A few sample passphrases (do not use!):
  • It's-showering-bits-0101-shoganai
  • Shining $999 horse starburst
  • Cracking@strength@holding@3.14
Curious how long it would take a hacker to get your password? Use this tool with some hypothetical passwords and passphrases.
Note: This tool isn't perfect, and hackers' resources grow every year, so aim for something that takes at least a trillion years to crack.
 
When web browsing, use a password manager to set a different password for each site. If you can't use a password manager, use different passwords for different security needs:
  • Low - Anonymous forums (Reddit, etc.)
  • Mid - Non-anonymous sites (Facebook, LinkedIn, blogs, etc.), computer guest logins
  • High - Online shopping, paid memberships/subscriptions, personal computer logins
  • Top - Email, online banking and credit card accounts, home router admin password, home wireless password
Securing your Computer
By default, your first account on Windows or Mac is an Administrator account.
In the realm of computers, with power comes vulnerability. While you are logged in as an Administrator, it's easier to install updates and software, but malware has an easier time:
  • Installing:
    • Keyloggers (to steal your passwords)
    • Back Doors (to connect to your computer and control it at any time)
    • Root Kits (to stop virus scanners from being able to do anything about it)
  • Hiding itself, modifying event logs, and covering activity
  • Entrenching itself so it's impossible to remove without erasing everything and starting over
  • Using an infected computer as a launching point to infect other devices on the network
It's more secure to use a non-privileged account for day to day activity, and use an Administrator account only when required. Here's how to do it:
Windows logo
Apple logo
Here are the top 3 steps to secure your Mac. For a full guide, see the Mac OS Hardening Guide.
  1. Open the App Store app.
  2. Click Updates in the toolbar.
  3. Click Update All to install all available updates.
Uninstall the following unless you absolutely need them:
  • Flash
  • Java
  • Shockwave
  • Silverlight
If you do, keep them up to date! They update so often because it's to fix holes hackers can use to take over your computer.
 
  1. AppleSystem Preferences
  2. Click Security & Privacy, click the General Tab, check "Require Password: Immediately after sleep or screen saver begins"
  3. Click Show All
  4. Click Desktop & Screen Saver, click the Screen Saver Tab, set Start After: to 15 minutes (5 for sensitive systems)
  5. You can instantly lock your Mac by holding Control + Shift keys, and then pressing Eject Eject icon or Power Power icon on the keyboard. 
  1. AppleSystem Preferences
  2. Click Security & Privacy, click the lock icon and enter an administrator name and password
  3. Click the FileVault Tab, click "Turn on FileVault"
  4. For each user you want to be able to unlock the computer, click Enable next to their user name, then, enter the password for that account.
    1. All other users can't use your Mac until after an enabled user logs in.
  5. You'll then be prompted for a Recovery Option:
    1. UT Faculty/Staff: Use a Recovery Key and store it in STACHE.
    2. Everyone else: Use a Recovery Key and store it in a cloud-based Password Manager, like LastPass.
  6. Restart your Mac and it will begin encrypting.
For a full guide on securing your Mac, see the Mac OS Hardening Guide.
 
Here are the top 3 steps to secure your Windows computer. For full guides, see the Hardening Guide for Windows 7 and Windows 10.
Uninstall the following unless you absolutely need them:
  • Flash 
  • Java
  • Shockwave
  • Silverlight 
If you do, keep them up to date! They update so often because it's to fix holes hackers can use to take over your computer.
 
  1. Click the Start button Windows "start" button icon. In the search box that pops up above it, type "Update". In the list of results, click Windows Update.
  2. A window will pop up. In its left sidebar, click Change settings.
  3. Under Important updates, click Install updates automatically (recommended).
  4. Under Recommended updates, check  Give me recommended updates the same way I receive important updates. Click Administrator permission required OK.
  1. StartControl Panel
  2. In the top right box, search "Screen Saver"
  3. Under Personalization, click "Change screen saver
  4. Set the wait time to no higher than 15 minutes (5 for sensitive systems)
  5. Ensure the "On resume, display login screen" box is checked
  6. You can instantly lock your computer by holding the Windows key Windows "start" button icon and then pressing L.
Windows 7
For UT-owned systems, this should be taken care of by your IT support. For personal systems, upgrade to Windows 10 and follow the instructions there.
 
Windows 8
  1. Swipe in from the right edge of the screen, tap/click Search, enter BitLocker in the search box, go to Settings, and then to BitLocker Drive Encryption
  2. Select Turn on BitLocker (Administrator permission required)
  3. The BitLocker Drive Encryption setup dialog box opens; follow the instructions
Windows 10
  1. Start, type BitLocker, then click Manage BitLocker
  2. Select the drive that you want to encrypt, and click Turn on BitLocker
  3. Choose password to unlock the drive
  4. Choose where to save the recovery key; we recommend STACHE or a cloud-based password manager like LastPass
  5. Choose to encrypt the entire drive
For a full guide on securing your Windows computer, see the Hardening Guide for Windows 7 and Windows 10.
Securing your Smartphone
Updates often address security vulnerabilities in addition to bug fixes and new features.
See http://support.apple.com/kb/HT4623 for full instructions.
Do not jailbreak your phone; many attacks out there target jailbroken phones.
 
Setting a passcode prevents unauthorized access to a device. It also encrypts the drive via Data Protection, protecting your data in the event that it is lost or stolen.
To configure a passcode:
  1. Tap Settings
  2. Tap General
  3. Tap Passcode Lock
  4. Tap Turn Passcode On
  5. Enter a passcode and then tap Next
  6. Enter the same passcode and tap Next again
For high-security situations, we recommend a standard alphanumeric passphrase instead of a passcode.
 
This option automatically locks the device after it has been inactive for the specified amount of time.
To enable the auto-lock timeout:
  1. Tap Settings 
  2. Tap General
  3. Tap Auto-Lock
  4. Tap “2 Minutes” or a lower value
Disabling these services extends your battery life and reduces the attack surface of devices and may also prevent you from unintentionally connecting to unknown services and devices. These services should be enabled only while they're actively being used.
 
To turn off AirDrop:
  1. From the bottom of the iOS screen, swipe up to open the Control Center
  2. Tap AirDrop
  3. Tap Off
To turn off Bluetooth:
  1. Tap Settings
  2. Tap Bluetooth
  3. Turn off Bluetooth
To turn off Personal Hotspot:
  1. Tap Settings
  2. Tap Cellular
  3. Tap Personal Hotspot
  4. Turn off Personal Hotspot
  1. Tap Settings.
  2. Tap iCloud.
  3. Enter your iCloud username and password if not already configured.
  4. Turn on Find My iPhone.
  5. If using iOS 8, turn on Send Last Location.
  6. Tap OK.
For a full guide on hardening your iPhone, see the Apple iOS Hardening Checklist.
 
Updates often address security vulnerabilities in addition to bug fixes and new features.
  1. Tap Settings
  2. Swipe down to and then tap About Phone
  3. Tap Software Update
  4. Tap Software update check
Do not root your phone. It makes attacks much more likely to succeed.
 
Setting a PIN/password prevents casual unauthorized access to your phone if you leave it on your desk.
To set a PIN:
  1. Press the Menu button
  2. Tap System settings
  3. Scroll to Personal
  4. Tap Security
  5. Tap Screen lock
  6. Tap PIN or Password
  7. Tap in a PIN or easy to remember and type password; the longer you can make it, the better
  8. Tap Continue
  9. Re-enter the PIN or password
  10. Tap OK
  11. Tap Automatically lock
  12. Tap Immediately
  13. Check Power button instantly locks if not already checked
  14. Tap the back button until you get back to System settings
  15. Under Device, tap Sleep
  16. Tap a time; we recommend 2 minutes at most
This protects the data stored on the device from unauthorized access in the event that it is lost or stolen.
When you first encrypt the drive it may take an extended amount of time, depending upon the amount of storage in the device. The device needs to remain plugged in and the encryption process should not be interrupted.
  1. Press the Menu button
  2. Tap System settings
  3. Scroll to Personal
  4. Tap Security
  5. Scroll to Encryption
  6. Tap Encrypt {{device}}
  7. Tap Encrypt {{device}} again
  8. Enter lock screen passcode or password when prompted
  9. Tap Continue
  10. Tap Encrypt {{device}}
Disabling Bluetooth extends your battery life and can prevent you from unintentionally connecting to malicious services and devices. It should be enabled only while they're actively being used.
  1. Press the Menu button.
  2. Tap System settings.
  3. Scroll to Wireless & networks
  4. Slide the Bluetooth switch to Off.
  1. Press the Menu button.
  2. Tap System settings.
  3. Tap Security.
  4. Scroll to Device administration.
  5. Tap Device administrators.
  6. Check Android Device Manager.
  7. Tap Activate.
For a full guide on hardening your Android phone, see the Google Android Hardening Checklist.
UT Policies
Information Resources Use and Security Policy (IRUSP)
Anyone using computer or telecommunications equipment, software, data, and/or media owned, controlled, or maintained on behalf of UT Austin must comply with the Acceptable Use and Security Policy Agreement.
 
Here are the top 3 most common violations that result in disciplinary action, including loss of wireless and network privileges on campus:
  1. Users must not share University Confidential Data with friends or family members. This includes your EID password.
  2. Users must not download or share copyrighted materials via BitTorrent or other file sharing services, per the The Digital Millennium Copyright Act (DMCA).
  3. Users must not post copyrighted materials on UT-hosted sites or servers, per the DMCA.
You may view the IRUSP in its entirety here.