Protect Yourself Online

Practicing good cyber hygiene can keep your information safe online. Be proactive in protecting your identify by following the advice below.  

Multi-Factor Authentication 

Multi-Factor authentication (MFA) is a security feature that requires more than one method to log in, like entering an additional password or validating your login attempt through email or a text message. When possible, strongly consider MFA. This doesn’t just apply to university services that require BuckeyePass. Your online bank, Google account and others may provide this service. MFA dramatically improves your security; it’s much harder to pretend you are someone you’re not when you have to prove who you are in two different ways! 

The important thing to remember when you take advantage of the added security MFA affords you? Always have a backup plan. An easy way to have one is to ask BuckeyePass to send you up to 10 passcodes. Print them out and throw them in your backpack.  

What if you lose your smartphone, or simply forget it at home? You can easily add and manage devices through the BuckeyePass site. Enrolling your iPad is an easy way to make sure you can always access your information. Try it now.


Avoid and Report Phishing Scams 

Phishing is a form of social engineering or scam when an attacker tries to gain access to your computer or device by tricking you into clicking a nasty link, opening a malicious attachment, or providing your login credentials on a fake site. As an Ohio State student, it’s important to understand how to spot phishing emails. Though it can occur through different methods, it’s most common via email.  

Here's a list of factors that can possibily indicate that an email is untrustworthy: 

  • False claims, warnings and threats: Many phishing emails have a sense of urgency or make false claims that your security has been compromised. They ask you to update or validate your account by clicking on an embedded link in the email. They may threaten to lock your accounts or disable access if you do not provide this information. 

  • Unofficial "From" addresses: Look out for a sender's email address that is similar to an organization's official email address. Cybercriminals often sign up for free email accounts with company names in them to try to fool you. They can also forge the "From" address to look exactly like a legitimate address.  

  • Impersonal or strange greetings: Phishing emails sometimes start with generic phrases like "Dear valued customer" or your email account name, such as "Dear brutus.99999" instead of your name. Most legitimate companies include your name in their emails to you because they will have it on record (if you've dealt with them before).  

  • Poor spelling, punctuation and grammar: Legitimate companies or organizations usually have copy editors that ensure a mass email doesn’t have typos. If you notice mistakes in an email, it might be a scam.  

  • Spoofing popular websites or companies: Scam artists use graphics in emails that appear to be associated with legitimate websites or companies. On phony websites, cybercriminals often use web addresses that look like the names of well-known organizations but are slightly altered (, for example). These websites will also often contain a mix of legitimate links and fake links to make the spoof site seem more realistic. 

What happens once you decide an email is a phishing attempt? Avoid clicking any links and attachments you don’t trust or recognize. If you’re concerned about an email, forward it to and the security team can vet the email.



Public Wi-Fi 

Public Wi-Fi is a free wireless internet connection that is usually provided by coffee shops, restaurants, airports and other public locations. Most public Wi-Fi does not require a password and offers no protection to users. There is no assurance that your data is private while using public Wi-Fi, making you susceptible to stolen passwords, account numbers or credit card numbers. 

We don’t recommend users connecting to public Wi-Fi access points unless they are trusted and managed appropriately (such as eduroam, which is secure and only available to the university community using your login credentials). If you have no choice but to use public Wi-Fi, we recommend the following to avoid identity theft: 

  • Always choose secured public Wi-Fi (password required) over unsecured (no password) 

  • Use a Virtual Private Network to protect your privacy 

  • Don’t log into password protected sites (such as banking, social media, school, etc.) 

  • Don’t shop online 

  • Turn off automatic connectivity on your device


Wi-Fi at OSU 

Ohio State provides wireless network services for Ohio State students, faculty, staff and guests. 

  • eduroam:  Secure Wi-Fi to be used by students, faculty, and staff; can be used when traveling to other participating universities  

  • WiFi@OSU: Public Wi-Fi network for guests and visitors


Resources to Remember