UAB's two-factor authentication requirement helps you protect your BlazerID password — but we've got tips for further protecting your UAB password and all of your other accounts.


  • Use a password manager like Keeper, which is free for campus staff, faculty and students.
  • Never re-use passwords for different accounts.
  • Never share your passwords with anyone — or write them on a sticky note taped to your computer.
  • Make them long and strong, with a combination of letters, symbols and numbers. Use the tips in the video above to help create a passphrase you can remember.

October is National Cyber Security Awareness Month, and we’re sharing tips and tricks to keep you and your data safe.

Because information security is a team sport, and when you protect yourself, you protect all of us.



Most of us can’t imagine life without our mobile devices — but if you don’t keep it safe, your information is likely to be stolen.

Here are some tips for keeping your phone or tablet secure:

  • Use a strong password, pattern or fingerprint to secure access, and set your phone to lock automatically when not in use.
  • Install anti-malware and appropriate backup software, and always update your devices as soon as updates are available — updates are often tied to security issues.
  • Review your apps regularly, and be cautious about allowing them to access your information, including location data.
  • Keep your phone in your hand when you are using it in public, and keep it out of sight when you aren’t.

October is National Cyber Security Awareness Month, and we’re sharing tips and tricks to keep you and your data safe.

Because information security is a team sport, and when you protect yourself, you protect all of us.



You can — and should — take steps to protect yourself and your information whenever you’re online.

Lock down your login:

  • Don’t reuse the same password for multiple accounts.
  • Use a long, strong password or passphrase.
  • Use a password manager. Did you know Keeper is free for UAB students, faculty and staff?

Keep a clean machine:

  • Make sure you enable automatic updates.
  • Use anti-virus software to scan your devices.

Guard your personal information:

  • Be thoughtful about what you share on apps and web sites.
  • Pay attention to privacy settings.

When in doubt, throw it out:

  • If a link looks suspicious, delete it.

October is National Cyber Security Awareness Month, and UAB IT will be sharing a number of tips and tricks to keep you and your data safe.

Because information security is a team sport, when you protect yourself, you protect all of us.

Digital transformation is helping the construction industry streamline design and processes — and even helping improve communication with project owners, said representatives of M.J. Harris, a construction company that has partnered with UAB to build a number of recent projects.

UAB's College of Arts and Sciences and IT departments hosted M.J. Harris at a recent meeting of the Alabama CIO organization. Alabama CIO is a group of IT leaders that are focused on connecting, sharing and recognizing technology. UAB's VP and CIO for IT, Dr. Curtis A. Carver, serves as the chair for Alabama CIO.

The organization's membership co-chairman, Kevin Hicks, vice president of IT and principle with M.J. Harris Construction, LLC, brought his team to present to fellow CIOs about how they are incorporating technology into their business.

M.J. Harris has been in business 24 years with 100 employees and typically works on hospitals and K-12 educational and higher education projects. The company is focused on developing relationships with customers, and 90 percent of work is with repeat clients, including winning multiple bids for buildings at UAB.

“The whole construction industry is going through a digital transformation,” Hicks said.

MJ Harris is focused on being strategic about how they approach new hardware and technology. Watching new technology and trends to identify when the technology is mature enough to incorporate it into their production, such as monitoring trends of technology like Microsoft Hololens.

At UAB, the Facilities department receives plans and communication for each project from M.J. Harris in an easier to manage digital process and facilities manages this information in Microsoft Teams for every building and project. This allows for better documentation of the project and quicker communication for those involved in the project. Some of our buildings on campus are over 50 years old, having the information collected in one place and easily accessible will help in the future.

MJ Harris uses BIM — building information modeling, or virtual design — in construction to virtually build their projects before they start in the field. This practice brings subcontractors into more of a partnership and allows for better coordination.

Incorporating technology allows for proactive management that streamlines processes. There have been learning curves but the savings of resources that have led to greater productivity, increased safety and greater quality control.

M.J. Harris provided the attendees with demonstrations of their 3D modeling, scanners and robotic equipment. They also shared how the customer also experiences greater impact through this investment in technology. Buildings are going up much faster and provide customers with resource savings, including easier future maintenance.

This meeting took place in UAB’s new University Hall building, which M.J. Harris built. The event ended with a tour of UAB’s new residence hall and dining venue that is currently under construction with M.J. Harris

RC Day Digital Signage

UAB IT Research Computing will be hosting its annual Research Computing Day on Monday, Nov. 11, 2019, at the Edge of Chaos, located on the fourth floor of Lister Hill Library.

This year, the theme will be building on UAB’s Research Computing community and infrastructure. The day will begin at 8:45 a.m. with light refreshments and featured talks in the morning on new use cases, and updates will begin at 9 a.m.

At 11:30 a.m., lunch will be provided concurrent with the first ever Research Computing Day poster session. Submit poster abstracts here.

The afternoon will be comprised of lightning talks on several current topics in research computing with breakout sessions to follow.

Register for Research Computing Day here. Registration helps keep an accurate head count for seating and lunch.

Adobe Announcement DS
UAB students will have the opportunity to hone their skills in digital communication under a new agreement with Adobe Systems Inc.

Beginning Oct. 1, UAB will be offering Adobe Creative Cloud free to all students, and there will be a limited number of Creative Cloud licenses available for faculty and staff by request, for academic or business use only.

Campus faculty, staff and students will also all be licensed for Adobe Acrobat Pro, for free.

Creative Cloud offers a variety of apps for design, video and photography, including Photoshop, InDesign, Premiere Pro and Illustrator, while Acrobat Pro allows you to create and edit PDF documents.

As part of the new contract, UAB will also be designated an Adobe Creative Campus, which signifies the University recognizes the value of teaching digital literacy skills. Students will have access to tools that help them build visual, audio and animation skills that can not only help them complete unique projects in the classroom — from podcasts to web pages — but also give them leverage in the job market.

“Adobe Creative Cloud gives our students and faculty new tools for a new curriculum,” said Vice President and CIO Curtis A. Carver Jr., Ph.D. “The digital literacy skills students can develop through Creative Cloud will give them a competitive advantage in their academic success and their career searches.

“We appreciate all of the people who collaborated to make this contract a reality, including members of our IT team, the Office of Financial Affairs and the University of Alabama.”

Details about how to access Creative Cloud and Adobe Acrobat will be provided by Oct. 1.

UAB partnered with the University of Alabama to execute the contract.

To reduce risk to the UAB network and data, UAB is enhancing the current web content filtering process to alert users before they continue to a site that UAB’s enterprise security platform categorizes as “adult” content.

Beginning after business hours on Sept 20, 2019, anyone attempting to access a web site that is categorized as “adult” will be directed to a page that says “click to continue” to visit the site. No one will be prevented from continuing to such a site. However, the activity will be logged and tied to your BlazerID should further investigation be needed.

How it works:

  • The new filtering process will apply to the UAB network, wired and wireless. The student residence halls, which use a separate network, will not be affected.
  • UAB IT’s information security team will conduct periodic audit sampling of those users who click to continue to such sites, and audit results will be provided to University leadership.
  • If there is a legitimate business need to access this site, you can submit a security exception request in the IT Tech Help portal.
  • If you feel the site is not categorized properly, you may request a change from this site after looking up its current categorization.

The new web filtering process has been approved by the Faculty Senate. Additionally, UAB Information Security Liaisons were given advance notice and opportunity to provide feedback.

The enterprise security platform’s definition for the “adult” category is “sexually explicit material, media (including language), art and/or products, online groups or forums that are sexually explicit in nature. Sites that promote adult services such as video/telephone conferencing, escort services, strip clubs, etc. Anything containing adult content (even if it is games or comics) will be categorized as adult.”

Adult-oriented web sites have traditionally been a source of organizational concern because they contain a higher percentage of malicious content, present an increased risk to UAB, and could create HR or student conduct issues. The filtering process also aligns with UAB’s Acceptable Use of Computer and Network Resources policy.

UAB uses an enterprise security platform to help secure the campus network. UAB’s currently blocked categories are malware; command and control; and phishing.

URLs for some web sites, including uab.edu, will look slightly different on Chrome and Firefox browsers after their next updates.

Both browsers plan to remove the display of a URL’s extended validation certificate — originally intended to prove the legal entity of the URL owner and help users better detect trusted sites. The EV certificate name has been listed to the left of the URL in both browsers’ address bars. For Chrome users, that information will instead be moved to the page info, which is accessed by clicking the lock icon.

Many users may not even have noticed the entity name in the address bar of certain web sites. At UAB, the name appears on uab.edu sites as well as the URL for the Oracle HR/Finance system. When accessing any URL, you should be cautious to make sure it is a trusted site. Even a lock icon in a URL isn’t always a mark of safety.

Increase your productivity with new enhancements to Office 365, including a “save for later” feature for important files, a “focus time” status alert for colleagues, and a quick look at your day ahead.

Save for Later in OneDrive and SharePoint

Need to review a file but don’t have time right now? Microsoft will be adding a bookmark feature to OneDrive and SharePoint called “Save for Later.” With this feature you can flag files, which will be stored for as links in a convenient menu folder so you can quickly access them later when you have more time.

This feature will be available by the end of September.

Focus Time Status in Teams

Let your colleagues know you are working on a project — and avoid interruptions from notifications — with a new status in Teams called “Focusing.” Notifications will be suppressed during the focus period based on their priority access settings. This is a great alternative to Do Not Disturb, letting other users know you a working hard on something important. This feature will be available by the end of September.

Outlook on the Web – My Day

When using the Outlook web client, you will have a new shortcut in the top right corner that gives a quick view of the activities of the day.

This feature is being rolled out gradually over the next few months and is scheduled to be completed by the end of the year.

When available these features can be found in their respective applications at office.com.

Traveling can be an exciting adventure — but don’t let that adventure include security problems.

Technology makes it easier than ever to use connected devices to discover the exotic locales we wish to visit, book tickets on planes and trains, practice driving virtually, and seamlessly navigate once we get to our final destination. For all the ease that technology brings, we should prepare our technology for travel as carefully as we plan our travel itineraries.

Travel tips

  • Back-up your data! Backing up your data ensures that you won't lose information if your device is lost or stolen. Consider encrypting your data as well, but check with your IT support staff first about how best to implement encryption.
  • Protect your devices with a strong password or lengthy passcode. Sometimes devices get lost or stolen, even when we are being careful. By protecting your device with a passcode or lengthy password, you make it harder for your device to be used and data to be accessed by others.
  • Make sure your devices and applications are up to date. Keep your applications and devices up to date and patched. This helps protect your device and data from security vulnerabilities and threats.
  • Just say no to unsecured public Wi-Fi. Having a wireless connection is almost a necessity for the modern traveler. However, using an unsecured public Wi-Fi hotspot can allow others to view the contents of your electronic activity. Never access your sensitive financial accounts from an unsecured network. If you must access sensitive data from an unsecured network, be sure that you use a VPN service.
  • Double check your MFA settings. Many of us rely on multifactor authentication (MFA) or two-factor authentication to secure both personal and work-related accounts. Be sure that you know how (or if) that will work in the countries that you are visiting. For instance, if your MFA relies on SMS, be sure that you will be able to receive that message in the destination that you are visiting. UAB’s Duo two-factor authentication allows you to use an app-generated passcode, even if you don’t have WiFi.
  • Update your physical location with your password vault. Many people use password vaults to manage all of their account passwords. Don't be surprised if your password vault requires additional verification steps when logging into it from a location that is not in your home country. (After all, we count on these vaults to be secure!) Check the vendor documentation or your account settings to make sure that there are no country restrictions or settings that you need to change before your trip. Also double-check that you're able to access your recovery/secondary email address just in case there is an issue. UAB offers Keeper as a free password vault.
  • Consider leaving your daily devices at home. If you are traveling to a location where you are concerned about your individual privacy rights, consider leaving your primary mobile device at home and purchasing a replacement device to take with you instead. Put only the apps, services, and data that you need for that trip on the device. Check your data plan as well. A "burner phone" or car GPS may be cheaper.
  • Be smart about posting on social media. It is always fun to post vacation pictures in the moment, but online postings on social networks (e.g., Twitter, Facebook, Instagram, Snapchat, etc.) can let other people know that you are not at home and that your home may be empty. Posting vacation pictures on social media once you are safely home helps protect your physical belongings.
  • Use hotel safes to protect your technology. Here's another place where there is an overlap between online safety and physical safety. Just like you would put your passport, jewelry, and money in a hotel safe, consider using that safe to hold your electronic devices when you are not carrying them with you. Not only are the devices themselves expensive to replace, your personal data contained in the device can be irreplaceable (especially if you skipped the first tip on this list).
  • Remember your adapters! Make sure you have power adapters that will work with three-prong plugs and that they fit the country's outlets. Some travel adapters only accept two-prong plugs. (If you're attending a conference, you may be able to borrow a charging cable temporarily.) Outlets also vary, even, for example, between the UK and Ireland. Your technology gadgets are not very helpful when they run out of charge or cannot be powered on. Charge and take a portable battery pack.
  • Mind your voltage! Like plug types, different parts of the world use different voltages. Make sure that your technology devices can run on the voltage used at your destination. Getting shocked with 220V is not the same as 110V.

As surely as you can reduce wrinkles in your clothing with careful packing, so too can you avoid the most common technology travel woes by preparing before you leave home. For more on international travel, have a look at the travel guidelines.

 

Scammers are trying creative ways to get to your money — including gaining access to your email account to set up a mail rule to capture your payroll emails. If your BlazerID is compromised, a scammer could get access to your email and set up a mail rule in Outlook that forwards your payroll emails to a different account — and helps the scammer get access to your paycheck.

With mandatory 2-factor authentication enabled through Duo, UAB campus users are less likely to have their credentials compromised — but you should remain vigilant against phishing attempts.

Learn how to check your mail rules in Outlook in the video above, and if you suspect an email is a phish, don’t click any links or enter your BlazerID and password — simply forward the email to phishing@uab.edu.

New AL Area Code DS

UAB will have new dialing procedures for campus phones with the addition of a new area code for western central Alabama, including Jefferson County.

Existing 205 phone numbers will remain the same, but some new phone numbers will be assigned the new 659 area code, which will impact dialing on campus.

The new dialing procedures will be phased in for local calls and then for long-distance calls.

Beginning Sept. 6, 2019, UAB will phase in the new dialing procedures. The transition period will allow you to become accustomed to the new dialing procedures and give departments time to reprogram certain equipment, such as fax machines or security systems, for the new dialing methods.

The new dialing procedure is simple — just dial 9 + the 10-digit number for all local calls.

Beginning Oct. 12, 2019, old dialing procedures for local and long-distance calls will no longer work, so dialing local numbers with 9 + 7 digits or long-distance numbers with 9 + 1+10 digits will not connect your call.

Dial 9 + the 10-digit number for all local and long-distance calls.

On campus, 5-digit dialing will still be available.

For answers to frequently asked questions, click here.

For additional questions, contact Comm-Repair at 205-934-7777.

Zoom Vulnerability Update

UAB IT is urging the campus community to update Zoom on their Mac computers after a security vulnerability was reported.

Zoom has released security updates for macOS that address critical vulnerabilities. Attackers could use the vulnerability to gain access to your Mac’s webcam.

Students, faculty and staff are encouraged to update Zoom on their personally owned computers as well.

To update Zoom on your Mac, click on “Zoom.us” in the title bar, then click the “Check for updates” button. This can also be done from within the Zoom app by clicking your avatar, which is defaulted to your initials, and then clicking “Check for updates”, then “update” and “install”.

If you have questions, please contact your department’s IT support or contact AskIT at uab.edu/techhelp or 205-996-5555.

Are you in the habit of looking for a lock icon next to a URL to ensure a site is legitimate?

The FBI has released a warning that attackers can exploit consumers’ trust in sites that use HTTPS, the acronym in which the “s” stands for secure. And while the lock is important, it only means that traffic to and from the site is private; it doesn't ensure that the site's operator is trustworthy.
The lock icon did carry more weight years ago, when getting an SSL/TLS certificate was a more difficult process, but these certificates are now free and can be acquired by anyone. Attackers are increasingly making sure that their phishing sites have authentic certificates to mimic legitimate websites.
The FBI advises users to be wary of requests in emails, even if they appear to come from known contacts. Some tips to help reduce the likelihood of falling for a phishing attack using HTTPS:

  • Do not simply trust the name on an email; question the intent of the email content.
  • If you receive a suspicious email with a link from a known contact, confirm the email is legitimate by calling or emailing the contact; do not reply directly to a suspicious email.
  • Check for misspellings or incorrect domains within a link (for example, if an address that should end in “.edu” ends in “.com” instead.
  • Do not trust a web site just because it has a lock icon or “https” in the browser address bar.

The extra scrutiny takes time, but that’s better than the damage you might incur by falling for a phishing attack.

An email from your boss, unit leader or university president is sure to catch your eye — but take a closer look to make sure you don’t get phished.

Scammers can “spoof” an email address to make it look like anyone from your director to University President Ray L. Watts is sending you an urgent email that demands your attention or asks you to click a link. But clicking that link could cause you to give away your credentials or infect your computer with malware.

Scammers can also impersonate people via phone calls or text messages — known as “vishing” and “SMiShing.”

SMiShing scams happen via text messages and try to get recipients to click on links on their mobile devices. Vishing happens via phone calls, and callers might pretend to be police or other authorities claiming you owe money or broke a law.

In both cases, you should verify contacts independently, and know the signs when a message or phone call starts with vague information or an offer that sounds too good to be true.

In the case of phishing, how do you know if an email address is legitimate?

An easy way is to hover over the email address with your mouse and check to make sure it is real — the correct BlazerID followed by @uab.edu.

You can do the same with a link — if it isn’t legitimate, don’t click it, and especially don’t enter your BlazerID and password.

If you suspect an email is phishing, you can report it using PhishMe Reporter in Outlook or forward it to phishing@uab.edu.

Learn more about phishing — and how to avoid falling for a scam email — at uab.edu/phishing.

UAB IT is urging the campus community to update the Firefox web browser on their computers after a critical security vulnerability was reported by Mozilla, developer of Firefox.

UAB IT is releasing the newest version of Mozilla Firefox to its Desktop Services customers, and IT professionals across campus are encouraged to update their customers’ Firefox browsers.

Students, faculty and staff are encouraged to update Firefox on their personally owned computers as well.

The vulnerability detected in Firefox could allow for arbitrary code execution. All supported versions of Firefox prior to version 67.0.3 or ESR 60.7.1 are impacted by the vulnerability.

Stay up to date with features and security enhancements in Office mobile apps by updating your Android devices.

On June 30, Microsoft will be ending support for Android devices running KitKat, Lollipop and older versions of Android. After this date, these apps will no longer receive updates for new features or security patches.

UAB IT recommends updating the Android version on your mobile devices. While Office apps will continue to work after June 30, reliability and security will degrade over time.

For email, you can use the mobile web version of Outlook by visiting mail.uab.edu on your phone’s web browser.

Consult your mobile service provider for assistance on updating your phone.

WiFi6 Migration IMG
While campus is quieter this summer, UAB IT is embarking on a WiFi upgrade that will strengthen the network’s redundancy and allow greater scalability as the growth of internet-connected smart devices continues to expand.

UAB IT’s network services team will upgrade the WiFi infrastructure to the latest technology, including a cluster of controllers operating under a virtual server that uses artificial intelligence to help monitor and make adjustments based on network traffic and number of devices connected. On a typical day during the school year, the WiFi network averages more than 14,000 connected devices.

The upgrade will also increase the memory on the controllers, which paves the way for greater capacity.

UAB IT has already begun testing the new configuration and has found improved stability.

“If one controller is affected, you won’t notice on the rest of the network,” said David Wolford, network engineer. “We have also seen greater stability for VPN users.”

A series of nine maintenance windows for the upgrade will begin Friday, June 7, and is scheduled to continue through July 19. Maintenance windows will occur at night and are not likely to impact campus, although there may be brief internet outages of about five minutes. You can learn more about the timing of the maintenance windows at status.uab.edu.

MS To Do DS 1

Tired of missing deadlines or juggling activities? Now you can expand your use of Tasks in Outlook for web with a new integration with Microsoft To-Do.

Outlook features a Tasks system for tracking and managing activities. This feature had been isolated to the Outlook app, but with a new update it is now integrated into the Office 365 suite online via Microsoft To-Do.

Tasks functionality within Outlook remains the same, but users of To-Do will see their To-Do tasks synchronized into Outlook clients. Likewise, Tasks created in Outlook will appear in To-Do.

View Tasks in your Outlook web client at mail.uab.edu (just click the checkmark in the bottom left-hand corner).

And check out Microsoft To-Do in the Office 365 portal at to-do.office.com. Learn more about To-Do and Tasks here.

Cryptocurrency DS
Cryptocurrency comes under many names — Bitcoin, Litecoin, Ethereum — and is an increasingly popular alternative for online payments.

Before converting real dollars, euros, pounds, or other traditional currencies into (the symbol for Bitcoin, the most popular cryptocurrency), you should understand what cryptocurrencies are, what the risks are in using cryptocurrencies, and how to protect your investment.

What is cryptocurrency? A cryptocurrency is a digital currency, which is an alternative form of payment created using encryption algorithms. The use of encryption technologies means that cryptocurrencies function both as a currency and as a virtual accounting system. To use cryptocurrencies, you need a cryptocurrency wallet. These wallets can be software that is a cloud-based service or is stored on your computer or on your mobile device. The wallets are the tool through which you store your encryption keys that confirm your identity and link to your cryptocurrency.

What are the risks to using cryptocurrency? Cryptocurrencies are still relatively new, and the market for these digital currencies is very volatile. Since cryptocurrencies don't need banks or any other third party to regulate them; they tend to be uninsured and are hard to convert into a form of tangible currency (such as US dollars or euros.) In addition, since cryptocurrencies are technology-based intangible assets, they can be hacked like any other intangible technology asset. Finally, since you store your cryptocurrencies in a digital wallet, if you lose your wallet (or access to it or to wallet backups), you have lost your entire cryptocurrency investment.

Follow these tips to protect your cryptocurrencies:

  • Look before you leap! Before investing in a cryptocurrency, be sure you understand how it works, where it can be used, and how to exchange it. Read the webpages for the currency itself (such as EthereumBitcoin or Litecoin) so that you fully understand how it works, and read independent articles on the cryptocurrencies you are considering as well.
  • Use a trustworthy wallet. It is going to take some research on your part to choose the right wallet for your needs. If you choose to manage your cryptocurrency wallet with a local application on your computer or mobile device, then you will need to protect this wallet at a level consistent with your investment. Just like you wouldn't carry a million dollars around in a paper bag, don't choose an unknown or lesser-known wallet to protect your cryptocurrency. You want to make sure that you use a trustworthy wallet.
  • Have a backup strategy. Think about what happens if your computer or mobile device (or wherever you store your wallet) is lost or stolen or if you don't otherwise have access to it. Without a backup strategy, you will have no way of getting your cryptocurrency back, and you could lose your investment.