Announcement

New Duo Security Enhancements Coming to York

As part of planned updates to York’s current Duo 2FA service, UIT will be deploying an extra layer of security through the implementation of Duo Verified Push, Time-Based One-Time Password (TOTP) codes, and the Self-Service Device Management (SSDM) portal. What’s Changing?  Verified Push will ask you to enter a 3-digit code during the login process. […]

Passport York password complexity requirements update

Passport York uses a password strength estimator to ensure that users set strong, difficult to crack passwords for their account.  This is done in order to increase the security of their various accounts at the University. The estimator analyzes passwords and assigns them a score based on their complexity. We have increased the score required […]

Advisory Notice - Microsoft Office Remote Code Execution Vulnerability (CVE-2023-36884)

Microsoft recently disclosed a zero-day vulnerability (CVE-2023-36884) which is currently being exploited in the wild. Attackers are coercing users via social engineering phishing techniques into opening a specially-crafted Microsoft Office document that could result in remote code execution. Even though Microsoft Defender for O365 provides protection against attachments designed to exploit CVE-2023-36884, we ask the […]

Advisory Notice - OFAC sanctions and service restrictions

University Information Technology (UIT) is advising of current and upcoming changes to York-provided services Zoom and Duo (two-factor authentication) as a result of the situation in Ukraine. These services are now or will be unavailable to individuals attempting to authenticate from several countries and regions restricted by the Office of Foreign Assets Control (OFAC) — a financial intelligence […]

Cyber Security Advisory - Protecting against increased cyber threats

Russia’s invasion of Ukraine has resulted in an increase in global cyber threats. While there is no specific threat to York University, we would like to stress the importance of protecting your accounts, devices, and data. Protective steps include: Use multi-factor authentication with your accounts to help verify access. York’s Duo 2FA service is required […]