How to protect my account against phishing
- Pavel Břoušek (Deactivated)
- Přemysl Kala
The most effective protection against phishing is Multi-factor authentication. But if you want to try to detect phishing even sooner, you may also set up a security text.
Some instances of ProxyIdP allow you to choose a short text which will be shown to you on the login page before entering your password.
This will only happen if you sign in repeatedly from the same device, in the same web browser, in a non-anonymous window, without clearing cookies between logins, and the “remember me” checkbox needs to be checked on the first login.
Security text will usually not appear when signing into a desktop application or mobile app (e.g. Microsoft Teams), because these applications usually render the login page in a special web browser window with no history.
In the user profile, choose a unique text that you will recognize, but an attacker cannot guess it based on public information about you. You may enter your own text, get inspiration from an external source (e.g. emojipedia.com), or let the app generate text/emojis for you.
When you see your personal security text on the login page, the chance that it is a genuine login page is much higher.
Please note that this security measure is quite easy to circumvent by a skilled attacker, so we highly recommend also enabling Multi-factor authentication.
Related content
Support: perun@cesnet.cz