New MyIWU

The campus portal MyIWU is changing on June 13. For the most part, the change is cosmetic. The way you log in, access important services like Banner Self-Service and email, and interact with channels like Campus Calendar and Announcements will stay the same. Most users should not experience any disruption when using the new portal. If you currently use Course Studio (My Courses), any Groups or the Luminis SunOne calendar, these services will no longer be available. Please contact Rick Lindquist (rlindqui@iwu.edu) for help with setting up new solutions for your courses or groups and get assistance with exporting your calendar to Google.

The new MyIWU will be more streamlined, and we are confident that these improvements will help you work more efficiently. If you have any questions about the new MyIWU, please contact the Help Desk in person in the Thorpe Center, by phone at x3900, or submit an online help request at http://answers.iwu.edu/3900/ask

What Will Stay the Same
-URL (https://my.iwu.edu/)
-Log in with NetID and campus password
-Banner Self-Service Access
-Links to Campus Service Info
-Portal to email, Moodle, and Banner Self-Service

What Will Change
-New layout similar to other campus web pages
-Course Studio and Group Studio will no longer be available
-Luminis SunOne calendar will no longer be available
-Single Sign-on—eliminates double log-on when clicking on email or calendar

It is Time to Update Your Password

The new authentication system implemented in July of 2015, that supports logging in to IWU services such a email, Moodle, MyIWU, and the wireless network, requires a password change every 180 days for security purposes.  Those 180 days are up for much of the campus community this month.  Now is a good time to change your password prior to being prompted or wondering why you cannot login to IWU services when your password expires.

Here is what to do –

  • Go to https://passchange.iwu.edu
  • Enter your NetID  –  The part of your email address before @iwu.edu
  • Enter your current password you use to check email, log on to MyIWU, etc.
  • Enter a new password to use for the next 180 days

You will need to enter your new password on your portable devices that are used to check email and/or access the wireless network.  Apple products will prompt you to enter the new password once your new password is created.  Those using Android products will need to go to settings on the device to update the passwords.

Please contact the ITS Helpdesk for assistance, or by phone at 309-556-3900.

Phishing and a reason to have a strong password

Many received an email today addressed from Illinois Wesleyan University with the subject line Illinois Wesleyan University Administrative Systems Alert.  I always enjoy when we can turn a phishing scheme into a learning experience.

The phishing process starts when an account is compromised.  In this case it was one of our student’s accounts.  The account was most likely compromised due to a weak password.  This is the main reason ITS stresses using strong account passwords.  A password that is 12+ characters long, and contains a combination of both upper and lower case letters, numbers, and special characters, is the best way to protect an account.

Once the account password was obtained by the phisher, the new owner of the account changed the sender’s name to show as Illinois Wesleyan University, crafted a poorly worded message (who uses the word implore?) with missing punctuation and misspelled words, and included a link that looks like it goes to an IWU server but under closer inspection does not.  This person then sent the message to many of us at IWU in an attempt to obtain passwords or to infect computers with a virus or malware.

So always delete any messages you receive asking you to provide login information, or with links to upgrade your account that seem to come from IWU.  We will never ask you to provide your login credentials through an email!  No service of any kind should ask for that matter.

You will want to change your password and scan your computer for viruses and malware if you clicked on the link in the message.

Please contact the ITS Help Desk at #3900 for assistance or with any questions.

ITS Service Interruptions

CIRBN, the University’s Internet provider, will be performing critical upgrades on network equipment in Bloomington, IL, on November 23, between 12:01am-2:00am. During this time, CIRBN reports that we may experience a brief service outage. Thank you for your patience.

On Wednesday, November 25, ITS staff members are performing maintenance on the blade server that supports the majority of computing services we use on campus. Email will be available, but most other services will be unavailable or very unreliable throughout the day. We suggest baking a pie or cookies instead of trying to get any work done.

Log-in Page Changing October 1st

The web page used by the campus community to access IWU online services will have a new look on October 1, 2015.  A simplified page will be presented when logging in to Gmail, Google Calendar, Google Drive, OmniUpdate, and Moodle.

So instead of the current login page –

orig auth

 

You will enter your NetID (the part before @iwu.edu) and password here –

Auth

The new Campus Authentication Page – Always be sure the web address for the login page begins with https://auth.iwu.edu/cas/login

The new look is being implemented for several reasons –

  1. Some mobile devices do not handle the current authentication page well which keeps these devices from accessing Gmail, Moodle, etc.
  2. The web page is the most accessed page on campus.  The simplified page reduces load times and server load.
  3. The web page is not a destination page, but a page that sends you to a destination.  There is no need for a complicated page

 

Phishing Schemes – IWU Information Technology Services will never ask you for your username and password!

The scammers are at it again.  We see phishing scheme activity increase with the start of each academic year.  Two phishing scheme email messages were received by many at IWU last evening.  The two messages provide us with a great learning opportunity on how to detect a phishing scheme.

Know that IWU Information Technology Services will NEVER ASK YOU TO PROVIDE YOUR USER NAME AND PASSWORD  via an email message.

The first message is poorly worded, and includes an inaccurate department name.  Your first clues that a message is a phishing scheme.  The message contains a link that directs you to a very legitimate looking copy of the IWU authentication page where we all go to login to IWU services.  If you were to enter your user name and password on this fake web page, the server hosting the fake site captures your user name and password.  Notice when you hover your cursor over the link (or any link for that matter), the link address is displayed in the lower left hand corner of your browser – http://www.topvpshost.net/iwu.edu.html/  The server topvpshost.net is not an IWU hosted server.  Yet another clue that this is a phishing scheme.  Always be aware of where a link is directing you.  Especially in a suspicious email.

This is the first phishing scheme received by many on campus –

From: IWU ALERT <sunnews@sasktel.net>  – Not an IWU email account-Phishing Scheme Clue
Subject Illinois Wesleyan University Account® Alert   – Trademark symbol?

Dear User,
Recently, we are performing an emergency mail maintenance on our email network. 
Your account is one of the most essential account to be upgraded                      – Poorly written sentences
We therefore, implore you to follow our secure site https://www.iwu.edu/ to upgrade your account
Thank you,
Illinois Wesleyan University Technical Service – Technical Service?

The second message came from a compromised IWU account that was hacked due to a weak password.  Coming from an IWU account makes the message a bit more believable, but this person is not a member of the ITS Staff.  Strong passwords are important to protect your online identity

HELPDESK SERVICES <hxxxxxxxx@iwu.edu>
Date: September 16, 2015 at 3:18:23 AM CDT
To: Helpdesk Services <services_helpdesk@iwu.edu>
Subject:***IMPORTANT NOTICE*** ILLINOIS WESLEYAN UNIVERSITY MAILING INFORMATION
Reply-To:helpdesk_pdx.edu@mail.ru – Notice the reply to address is a Russian domain

Kindly check the attached notice and reply with the needed information.

Help Desk Coordinator
Computing & Network Services
ILLINOIS WESLEYAN UNIVERSITY

The message included a PDF attachment to fill out and send back to the Russian email address.  IWU ITS would never ask for your credentials

Your incoming emails were placed on pending due to the recent email
Verification in our database. In order to receive the messages, you are to      Poorly worded-be suspicious 
reply this email with the information as stated below for verification.

Username………………………………………………………………..
Password………………. ……………………………..\
Phone Number…………………………………………

Help Desk Coordinator
Computing & Network Services                – Not an ITS Department
ILLINOIS WESLEYAN UNIVERSITY

Takeaways- 
  • IWU ITS will never ask you for your user name (NetID) and password
  • Know where links are taking your before you click
  • Verify the sender/reply to address – know where email messages are coming from
  • Phishing scheme messages are written poorly with inaccurate details
  • Our email system is supported by Google – a very competent email provider
  • Again – We will never ask you for your NetID/password combination
  • Just delete any message that you feel could be a phishing scheme
  • Call the ITS Help Desk if you are not sure

Password Assistance

We are working with the campus community to resolve any login issues associated with our recent system changes.

Here are some suggestions to successfully create to a new password –

  • You must know your current password – Please contact the ITS Help Desk at http://help.iwu.edu or at 309.556.3900, if you do not know your current password
  • Follow the new password criteria –
    • The password must be at least 9 characters long – A longer password is more secure
    • The password must contain one uppercase and one lower case letter
    • The password must contain at least one number
    • A symbol helps improve password security &, *, !, @, #, $, %, ^
    • Many dictionary words and commonly used password terms are rejected
    • Parts of your name or are rejected
    • Change your password here – https://passchange.iwu.edu
  • If you are not successful on the first try creating a password, keep trying until you receive the successfully changed message
  • WE WILL NEVER ASK YOU TO PROVIDE US WITH YOUR USER NAME AND PASSWORD COMBINATION.  NEVER SHARE YOUR PASSWORD WITH ANYONE.  ONLY ENTER YOUR PASSWORD ON OFFICIAL IWU WEB SITES.  DO NOT RESPOND TO EMAILS THAT ASK YOU TO PROVIDE YOUR USER NAME (NETID) AND PASSWORD.  WE WILL NEVER ASK YOU TO DO SO!

 

Accessing the University Home Page on Campus

The move to a new authentication system went very well considering the complexity of the project.  We are still working with the campus community to resolve any login issues they may be having.

One unforeseen issue being reported is that the way we access the University home page on campus changed a little.

Before the changes on July 15th, you could enter iwu.edu in a web browser to accesss the University Home Page.  Since the change www.iwu.edu must be used on campus to access the home page.

We are sorry for any confusion this may be causing.

Important IWU Account Information

Dear IWU Faculty, Staff, Students, Alumni, Retirees, Organizations, and other IWU Account Holders,

Information Technology Services is making some important changes to campus systems the week of July 20th to protect your online security as well as the security of Illinois Wesleyan University systems.

Every week reports of data breaches are in the news, and we are working to improve passwords used to access IWU systems, the way our systems work together, and allow for future system enhancements.

Starting today we are asking everyone to change their IWU password used to access email, wireless, and MyIWU. Your current password will stop working on the evening of July 22.

Please click here to access the IWU password change site. Change your password to comply with the new password rules:

  • Your password must be at least 9 characters.
  • Your password must include at least one number, at least one uppercase, and at least one lowercase letter.
  • To improve the password strength, we highly recommend including symbols or special characters (e.g. &,@,$,?).
  • Your password cannot contain your netid, your first name, or last name.

Once your password is changed you will need to enter your new password on your computers and mobile devices to access wireless, email, calendars, MyIWU, and other web-based IWU services.

We know these types of changes are not popular, but a password update will only take a few minutes. The changes are vital in protecting your online identity and the data stored on IWU systems.

Thank you for working with us to improve online security! Know that IWU Information Technology Services will never ask you to provide us with your username and password combination outside an official IWU login page for any reason. You are the only person who should know your username and password combination.  Only enter your IWU login credentials on IWU sites such as MyIWU, https://passchange.iwu.edu, or on devices you use to access the IWU wireless network.

As always, if you would like to verify that this is a legitimate IWU ITS request, or if you have any questions, please call the ITS Helpdesk at 309-556-3900, or call me at 309-556-3017.

Thank you,
Trey Short
Assistant Provost and Chief Technology Officer