1. Set up a personal e-mail account with a free e-mail service like Gmail.
2. If you do any internet shopping, use this e-mail address for sending information.
3. If there are non-Bates related web forms, use this address as well.
4. If this address becomes the target of SPAM, then abandon it for a new one.

B. Fake sender:

1. Mail may not come from the stated sender. Email addresses can be spoofed, appearing to be from someone that you know.
2. Be especially careful if it has an attachment. Never give your personal information even if it seems to come from a legitimate source.

C. SPAM: don’t answer:

1. If no one answered SPAM mail, it would eventually stop. Many SPAM offers are fraudulent and millions of dollars are stolen each year.
2. Never click on the unsubscribe button in a SPAM mail. This only show the spammer that it is a live address and you get put on more lists.

D. SPAM marking:

1. Bates Gmail automatically labels the e-mail that Gmail believes to be SPAM and moves it to your Spam folder.
2. Gmail can be taught to recognize SPAM and automatically move it to your SPAM folder. You can do this by marking messages with the “Report Spam” button.
3. If Gmail marks a message as SPAM that is not SPAM, you can use the “Not Spam” button to teach Gmail not to put the message in your SPAM folder.

E. Attachments:

1. Verify who the email is from. Make sure you know who the email and attachment is from.
2. Look at the name of the attachment and make sure it looks like a valid file name.
3. If the file ends in a .exe, .vb, .vbs, and .zip be VERY careful about opening the attachment.
4. If you’re not sure, contact the person and verify with them that they sent you an attachment that you are meant to look at.

ON CAMPUS

A user who is on campus and has forgotten their password should come to Help Desk Services, located in the George and Helen Ladd Library, and presenting a valid form of ID. (Bates ID card, Driver’s License, Passport, State ID Card, or Military ID Card). A member of the Help Desk Services professional staff will assist them with logging into Password Manager and setting up a new Network Password.

OFF CAMPUS

A user who is off campus and has forgotten their password will need to contact Help Desk Services at (207) 786-8222 between the hours of 8:00am – 5:00pm EST, Monday – Friday. A professional staff member will need to verify their identity and will then assist them with setting up a new Network Password. We will need to have a valid alternate email address or mobile phone with text capability on file in order to complete the password change process.

If traditional phone service is unavailable, Help Desk Services can also assist with changing passwords over Skype. If this is an option, please email helpdesk@bates.edu with your name, Skype name and a time that we can contact you.

If no phone or Internet service is readily available, we will need the user to fill out a Sponsored Password Change Form, and either fax (207) 753-6939, scan or submit via camera picture the completed form and a photo of a valid ID.

Uses for Bates signed certificates

A certificate signed by Bates is useful for the following things:

• Digitally signing e-mail
• Encrypting e-mail
• Securing traffic to and from a server (e.g. web server over SSL)

Certificates for e-mail clients

Thunderbird supports the use of SSL certificates for digitally signing and encrypting e-mail.  If you would like to enable this feature in your e-mail client you must request a certificate. Please review the configuration documentation for Thunderbird.

Certificates

• Bates College Certificate Authority (CA) Certificate
• Bates Certificate Revocation List (CRL)
• Request a Certificate Signed by Bates

1. Does this year’s password change include Banner PINs as well?
2. When will my new password expire?
3. What are the strength rules for passwords?
4. Can I use a previous password?
5. How can I choose a strong password?
6. What can I do to help me remember my new password?
7. What happens if I forget my password or it gets stolen?
8. What is involved in the Sponsored Password Change Process?
9. How do I use my Password Change Token to access the Password Manager in order to change my password, where can I do it?
10. How long is the Password Change Token valid?
11. What happens if I forget to change my password before my Password Change Token expires?
12. Is the Password Manager only available on campus, or can it be accessed from any Internet connection?
13. What happens to my College-owned laptop when I change my password while off-campus?
14. Why do we need this level of security? What are we trying to protect?

1. Does this year’s password change include Banner PINs as well?
   No, this is only for the network password, which includes e-mail.[top]
2. When will my new password expire?
   Your password will expire 365 days from the date you last changed it.[top]
3. What are the strength rules for passwords?
   The Password Manager states the password strength rules it also provides the ability to have the system generate some suggested passwords that will pass the strength test. If you create your own password and it fails the strength test the system will communicate the reason for the failure (e.g., password must contain an upper case character, etc). This will aid in the process of choosing a new password.[top]
4. Can I use a previous password?
   The use of previous passwords is not allowed, this is enforced by the Password Manager when you chose a new password.[top]
5. How can I choose a strong password?
   The password strength rules in Password Managercan help you choose a strong password but keep in mind that these rules are used to enforce the minimum strength. One good way to increase the strength of your password is to increase the length of it.[top]
6. What can I do to help me remember my new password?
   There are a number of things you can do:
   1. Write it down.
      It should be the only thing on the paper, do not include your username. When writing down a password you should obfuscate it in some fashion, such as adding characters to it or taking characters out so that someone who sees it will have a hard time guessing your password. Once you’ve written it down you should store it in a safe place like a locked drawer. After you have memorized your password you should destroy the paper so that the password only exists in your head.
   2. Type it thirty (30) times in a row.
      Typing your password thirty times will help you commit it to muscle memory.
   3. Chose not to have applications save your password.
      By choosing not to have applications save your password you will force yourself to type your password more often. This will improve your ability to remember your password.

   [top]

7. What happens if I forget my password or it gets stolen?
   If you feel that your password may have become compromised you should immediately use the Password Manager to change the password. If you have forgotten your password or someone has changed your password without your knowledge you should immediately go to Help Desk Services the Ladd Library with their Bates ID. The professional staff will guide you through the Sponsored Password Change Process. Using this efficient process you will be able to change your password with Password Manager using a temporary password called a Password Change Token.
   [top]
8. What is involved in the Sponsored Password Change Process?
   Please review the Sponsored Password Change Process document.
   [top]
9. How do I use my Password Change Token to access the Password Manager in order to change my password, where can I do it?
   A kiosk computer can be used to access Password Manager. Kiosks are located throughout Ladd Library and some other campus buildings. The instructions for using your Password Change Token will be provided along with the token.
   [top]
10. How long is the Password Change Token valid?
    A Password Change Token is valid for 24 hours from the time of generation. A Password Change Token is immediately invalidated as soon as the user changes their password using Password Manager. If the Password Change Token expires prior to the user changing their password the user will be required to follow the Sponsored Password Change Process again in order to be issued a new Password Change Token.
    [top]
11. What happens if I forget to change my password before my Password Change Token expires?
    Thirty (30) days prior to the expiration of your password you will begin to receive automated e-mail notifications stating when your password will expire and directing you to use the Password Manager to change your password. If the expiration of your password passes your access to all network resources, except Password Manager, will be disabled. Password Manager will allow you to login using your current, expired, password for thirty (30) after your password has expired. After your password has been expired for more than thirty (30) days, the only way to change your password will be through the Sponsored Password Change Process.
    [top]
12. Is the Password Manager only available on campus, or can it be accessed from any Internet connection?
    The Password Manager is accessible from any Internet connection.
    [top]
13. What happens to my College-owned laptop when I change my password while off-campus?
    If you change your password while you are off campus your laptop will not be immediately updated with the new password because you will not be connected to the College network. Until you return your laptop to campus you will have to use your old password to access your laptop and your new password to access all network resources. Once you return your laptop to campus it will be automatically updated with the new password.
    NOTE: If you use the VPN to connect to campus from the Internet your laptop will be automatically updated with the new password.
    [top]
14. Why do we need this level of security? What are we trying to protect?
    The College takes the security of our network and systems seriously. Your personal files, e-mail, and other documents are important to you and the College. For these reasons the College has developed password management policies and procedures to safe guard your password and your privacy.[top]

Who can use this system?

All current faculty, staff and students have access to the Library databases both on and off campus. A current username and password is required to access databases that Bates subscribes to. We cannot offer off-campus access to our Library databases to alumni or members of the community due to our licensing agreements. On campus access is available to the general public from any kiosk in the Library.

I get the following error when I click on a Library link. “We’re sorry. We have not yet configured our proxy to allow access to http://<website>.”

This usually means that we will need to add a particular website to our proxy database. Please click on the “proxy issue report form” located on that same page, fill it out and we will get back to you as soon as possible.

How do I bookmark or send a link to a database article?

You can bookmark and send links to articles as you normally would. Bookmarks created off campus will work on campus. Bookmarks and links created on campus and then sent or clicked off campus may not work as anticipated. You may need to find the article or direct people to the resource manually.
Remember that only current faculty, staff and students have access to some of our Library resources. If the URL contains the address “lprx.bates.edu” a valid Bates username and password will be required to view the link.

What if I already have the proxy server setup in my web browser?

You can continue to use the traditional proxy server. If you would like to remove the former proxy server configuration, please see the instructions for your operating system and web browser.

Macintosh
Windows

Who do I call if it’s not working?

For help in configuring the proxy server, contact the Help Desk at 207-786-8222 or helpdesk@bates.edu during regular business hours.
For help in accessing or using particular resources, contact the Ladd Library Reference Desk at 207-786-6271 or reference@bates.edu.

1. Never give your Bates password to anyone. It can be used to look at confidential information beyond email.
2. Log out or reboot your computer if you leave it on over night.
3. Log out of email after you are done or even better, reboot the computer especially if it is a shared computer.
4. Lock your computer if you are stepping away from your desk for any long period of time. [windows = press control/alt/delete simultaneously, macintosh, please consult locking Macintosh help sheet.
5. Use a paper shredder to destroy sensitive paper communications.

B. Passwords:

1. Should be 6 or more characters long. A mix of letters and numbers at the very least. Preferrably including a special character like !@#$%^& if the system in question will accept them.
2. Not easily figured out like birthdays, pet’s or children’s names, phone numbers, social security numbers or license plates.
3. Don’t use the same password for every internet site you visit… if it is compromised, you’ve lost security everywhere.
4. Don’t use your current Bates password on systems outside of Bates. Feel free to recycle an old one that was wickedly difficult to type, but that you still remember.
5. Memorize all of your passwords. Don’t keep a copy in your purse or wallet. Please don’t tape your password to your monitor, or to the bottom of your keyboard, or keep it in the top drawer of your desk.
6. DO change your Bates related passwords to match your current Bates password.
   (Dreamweaver, Bates Gmail, Google Calendar, Sophos Updater)

C. General tips:

1. Don’t carry your Social Security card in your wallet or purse.
2. Buy a cheap paper shredder and destroy sensitive documents that you would otherwise just throw away.
3. Be very careful of Social Engineering. Unless you make the initial contact, do not give out any personal information especially credit card numbers, Social Security numbers or passwords over the phone.
4. If you feel you need to give someone your information (Social security number, mother’s maiden name, PIN, password) then call the organization at a number that you looked up or that is in the statement that they mail to you.
5. Request from the major businesses that you work with that they do not share your name and address with their business partners.
6. If you own a non-Bates laptop, password protect it and record all Serial Number information in case of theft.
7. When throwing away or donating an old computer, make sure the hard drive is erased and all sensitive material is deleted

1. Put a secure administrative password on own computer (Some viruses are now set to guess passwords and login to your computer. They guess admin, passwd, Rover, Fluffy, manager, iloveyou…)

B. Firewall:

1. Windows XP has a firewall that can be turned on to keep others from using your computer when it is on the Net.
2. You might also consider a hardware firewall.

C. Spyware:

1. This is probably the most common cause of computer slow-down. If you install filesharing software or even AIM software, spyware can be installed on your computer and cause problems.
2. Run free software to fix spyware, like
   Spybot: http://www.spybot.com/
   or
   Ad-aware: http://www.lavasoftusa.com/software/adaware/

D. Viruses:

1. The importance of installing anti-virus software and keeping it up-to-date cannot be stressed enough. Bates provides free virus protection software:
   [SOPHOS for Windows][SOPHOS for Mac OS X]
2. Virus software companies send out updates constantly. Have your virus checking software set to automatically update the virus definitions.
3. Your virus checking program will not work properly if the configuration is not set correctly. Have it set to check all files, check zip files, to warn you and quarantine corrupted files.
4. Viruses don’t just travel via email anymore. There are security updates for your computer that can help, but viruses can still find their way onto your computer.
5. New computers often come with a trial version of virus protection but you often have to purchase a subscription to keep the virus definitions up-to-date.

E. Security Updates:

1. Keep your Windows computer up-to-date by visiting:
   http://windowsupdate.microsoft.com
2. Have Windows updates download and install automatically:

If you have forgotten your password and need a Sponsored Password reset, please visit Help Desk Services, 1st floor of Ladd Library. Please bring your Bates ID card with you.