New to CSUMB?

To create your CSUMB account: 

• Check the email account you used to apply to the university for an email about setting up your account. This email will be from noreply@okta.com and the subject is "Create your CSUMB account". If you don't see it, check your email account's SPAM or JUNK folders.
• Applicants will receive an email 2-business days after they submit an application to CSUMB
• Employees will receive an email on their hire date
• Click the one-time "Create your account" button and follow the instructions to finish setting up your account.
• Creation emails are valid for 90-days
• If you can't find the email from noreply@okta.com or have questions/problems, call 831-582-HELP (4357) during business hours.

At Cal State Monterey Bay, we believe in being cybersecure all year long. We teach our students, staff and faculty that every Otter has a role to play when it comes to being cyber smart and cyber safe because we are stronger together! We can keep a collective eye on possible scams and attacks and keep every Otter's data secure.

Encouraging CyberSecurity Awareness Year Round

Tabling Events

You will often catch us at Otter Thursdays tabling near the OSU Quad Plaza, talking safer MFA practices and providing on the spot help to help you keep your data and privacy secure as well as other tech topics like AI. Come by and say hi and ask us how you can be more CyberSecure. 

You will also catch us at campus events and Resource Fairs on where we will get our newly minted otters set up on the CSUMB Secure Wi-Fi, and help you configure and use multiple MFA methods (we suggest configuring at least two) and creating strong passwords. 

We bring cybersecurity awareness to almost every tabling event we do because we want to keep our community safe. Keep an eye on our Instagram to find out when we'll be out and about with our Spin-to-Win wheel! You never know what kind of goodies we'll be giving away

Training

• Providing tips, tricks, and threats to be on the lookout for. These are usually posted on our @csumb_it Instagram account (especially our stories), our CSUMB IT YouTube Channel or can be found in officially sanctioned email newsletters from CSUMB.

Cybersecurity is every one's responsibility! Check out these Cybersecurity basics to keep yourself and those around you cybersafe and cybersmart!

Table of Contents

• General guidelines for online security and privacy
• Passwords
• Multifactor authentication (MFA)
• Software & App updates
• Phishing & Other scams
• Wireless & Internet access
• Additional Information

General guidelines for online security and privacy

• Review your security and privacy settings periodically on all accounts- especially social media accounts. Options and defaults may change after app updates.
• Don’t post or give strangers information that can be used for identity theft including social security numbers, date of birth, mother's maiden name or the like.
• Read privacy policies. Check for data collected, data ownership, and uses of data.
• Configure your web browser and sites used to not track cookies.
• Be aware and on the lookout for social engineering (Link: Carnegie Mellon University).
• Check short URLs at https://www.virustotal.com/ before clicking.
• Check for email compromise at https://haveibeenpwned.com/

Passwords

• Create unique, complicated passphrases that utilize a combination for upper and lowercase letters, numbers and special characters.
• The longer your password the better.
• Don’t use the same password on multiple accounts.
• Use a password safe to manage your passwords.
• BitWarden
• LastPass
• KeePass 
• PasswordSafe

Multifactor Authentication (MFA)

CSUMB required multifactor authentication, but some accounts don't require it yet. Here are some things to know about MFA:

• Multifactor authentication (MFA), sometimes referred to as two-step verification, is an extra layer of security providing proof that you are who you say you are when trying to log into an account. (Link: Knowledge Base article)
• Enable MFA on your social media, Amazon and any other accounts where it's an option. 
• Don’t use for security questions that contain common or easy to find information: This includes favorite colors or food, names of pets, children or other family members.
• Consider the fact that texts are not encrypted when choosing your multifactor authentication method.
• Authentication apps like Okta Verify and Google Authenticator are the way to go especially when traveling because they use both LTE and Wi-Fi technology.

Software & App Updates

Not patching security fixes onto your devices leaves you vulnerable to hackers.

• Enable auto-update to get important security fixes installed as soon as possible. . 
• Regularly update / patch software that does not have an auto-update option.
• Install and update anti-virus software. As a CSUMB staff, faculty or student you get Sophos antivirus for free.
• Back-up documents and data regularly- it just takes one time of not backing up for you to lose important files.

Phishing and other scams

• A great overview of phishing and related scams can be found in this article: What is phishing and how to avoid it (web: National Cybersecurity Alliance)
• Phishing is the fraudulent practice of sending emails or other messages (like text or instant messenger) pretending to be from reputable companies in order to get you to reveal personal information, such as passwords and credit card numbers.
• The five types of phishing:
• Phishing which takes place over email. These tend to be general and hope to catch a wide number of people in their web of deceit.
• Spear-phishing also takes place over email and uses social engineering to trick a specific person rather than hoping someone in a large group of people falls for it. The attackers usually already know some information about the target by scouring websites for things like organizational charts, company directories and the like. The phishing attempt is then tailored to incorporate that information in order to appear more legitimate. These attacks are typically more successful because they are more believable.
• Whaling is a type of spear-phishing where the targets are high ranking stakeholders in companies or institutions. People like presidents, provosts, and deans might be a target in a university setting. C-level or higher exectives in companies are also targets. Phishers pick these individuals because they have more to lose.
• Smishing is phishing over SMS Text or messenger services.
• Vishing is phishing over phone- usually with a script or pre-recorded message. With the advent of AI, this is gaining popularity as voices are easy to clone. 
• Learn how to spot phishing. (Link: Knowledge Base article).
• Learn how to report phishing. (Link: Knowledge Base article)
• Become familiar with common scams and how to to report them. (Link: Federal Bureau of Investigation):
• Financial Aid Scams (Link: StudentAid.gov)
• Imposter Scams. (Link: USA.gov)
• Real Estate Scams (Link: FightCyberCrime.org)
• Romance Scams (Link: FBI.gov)
• Tax Scams (Link: IRS.gov)
• Unemployment Scams (Link: USA.gov)

Wireless and Internet access

• Don't use public Wi-Fi - your information may not be encrypted and easily discoverable.
• Enable WPA2 on your home wireless router.
• Change default router passwords.
• Enable the built-in firewall.
• Use web-filtering DNS at home https://www.opendns.com/home-internet-security/
• Use the Eduroam WI-Fi when visiting other institutions.

Additional Information

• Cybersecurity & Infrastructure Security Agency
• Identity Theft- what is is and what to do if it happens to you. (Link: USA.gov)

Common Technology Resources for Faculty:

• Canvas Learning Management System - Spreadsheet of helpful resources for using the Canvas LMS compiled by the Center for Academic Technologies (CAT)
• Cooperative Learning Center Faculty Guide - Guide compiled by the CLC regarding how to refer students to their services
• Google Apps Resources - A spreadsheet of help for using various Google apps on campus, compiled by CAT
• Panopto/PlayPosit/Camtasia and other Video Recording/Editing Tools - Spreadsheet of help regarding video recording software, compiled by CAT
• Television Line-up - A list of channels available on campus
• Zoom Video-Conferencing - Spreadsheet on how to use Zoom video conferencing software, compiled by CAT

Additionally, you can call the Technology Help Desk at 831-582- 4357  Monday - Friday, 8:00 am - 5:00 pm (excluding all campus holidays). You can also submit an Optimize Case.

This article covers how to set up your forgot password information, using forgot password to change your password, how to change your password if you already know your passwords, password requirements and password reset tips:

Table of Contents

1. Changing Your Password
2. Password Reset Tips
3. Additional Help

Changing your password

Follow these steps to change your CSUMB password via the Okta Dashboard:

Step 1: Go to the Login Page

• Open your browser and go to: csumb.edu/dashboard
• Enter your username (e.g., otte1234)
• Tap or click Next

Step 2: Choose “Forgot Password”

• On the password screen, below the password entry, click "Forgot password"

Step 3: Verify Your Identity

You’ll be asked to verify your identity using one of the following:

• Email (a code will be sent to your CSUMB email)
• Push Notification (via Okta Verify app)
• Phone (text message or call)

Select your preferred method and follow the prompt.

Step 4: Set a New Password

Once verified, you’ll be taken to the Reset Password page.

Password requirements:

• At least 10 characters, but more is better.
•  Includes:
• 1 lowercase letter
• 1 uppercase letter
• 1 number
• Must not include any part of your username, date of birth, or the word CSUMB.
• Cannot be the same as your last 3 passwords

Step 5: Final Step to Prevent Lockouts

After you change your password you must also forget the the Wi-Fi settings on all your mobile devices such as smartphones, tablets, and e-readers or you will get locked out. After you have forgotten the settings wait five minutes and set up the devices with your new password. 

Password Reset Tips

• Employees using CSUMB-issued computers working a remote schedule: If you are working remote follow the directions for changing your password, but to update the password on your CSUMB-issued windows computer, log in with your old password then connect to GlobalProtect VPN and leave it connected for at least 15 minutes. 
• All users: If you change your password and have your CSUMB email or calendar on your smartphone, you may need to update them to the new password.
• Passwords must be changed every 365 days.
• Fifteen days before your password expires, your next login will include the opportunity to change it.
• Your account locks out after 5 unsuccessful attempts.
• A locked account unlocks automatically after 10 minutes.

Additional Help

If you continue to have issues with your password, please call the help desk at 831-582-4357 during regular business hours.

Located on the first floor of the Tanimura & Antle Family Memorial Library, the student assistant staffed Technology Help Desk provides technical assistance to students, staff, and faculty using the library and cafe area computer and technology-enhanced facilities. We also provide personal laptop assistance to help you:

• Get connected to the CSUMB wired and wireless networks
• Install our Free & Discounted Software titles
• Protect your laptop from virus, worm, and spyware threats (installation/configuration of anti-virus/spyware protection software)
• Learn best practices and use of campus products like Google Workspace apps 

These services are designed to be instructional and require the customer to participate in the process. IT does not offer any kind of personal computer repair service.

Hours

Our Fall 2025 hours start August 25, 2025. 

• Monday: 8:00 a.m. - 10:00 p.m.
• Tuesday: 8:00 a.m. - 10:00 p.m.
• Wednesday: 8:00 a.m. - 10:00 p.m.
• Thursday: 8:00 a.m. - 10:00 p.m.
• Friday: 8:00 a.m. - 5:00 p.m.
• Saturday: 10:30 a.m. - 2:00 p.m.
• Sunday: 2:00 p.m. - 7:00 p.m.

Please note:  Hours are subject to staffing availability. The Technology Help Desk is closed all university holidays and breaks (including Fall and Spring Breaks). 

Not feeling well? Please refrain from visiting us if you're sick, not feeling well, or are coughing.

Use Google Drives to Prevent Data Loss 

Saving all documents to the cloud instead of your computer can be a lifesaver, especially if you are having an issue with your CSUMB computer.

Reporting stolen devices:

1. Report the theft to the police. Notify local law enforcement in the jurisdiction where the device was stolen (e.g. CSUMB Police, the local police in other locations). Be sure you get the case number and primary police contact for the case.
2. Determine if you lost confidential or sensitive data. In order to document whether confidential/sensitive data may have been exposed, if it was exposed, and what data was exposed, consider what kind of information was stored on your computer or device. Determine if any legally protected, contractually restricted, or CSUMB confidential information was stored or handled on the computer or device. If so, notify these entities. If you believe that any sensitive data existed, notify the Chief Information Officer immediately.
3. Submit an Optimize Case to report the theft to the Information Technology. Include the location where the device was reported stolen, the police case number (or a copy of the report if available) and asset information.If you are unable to submit a service ticket, call the IT Help Desk at (831) 582-4357 to report the theft.
4. Report the theft to the CSUMB Property department with the police case number (or a copy of the report if available) and asset information.
5. Employees should notify their manager of the theft.

Reporting lost devices:

1. Determine if you lost confidential or sensitive data - In order to document whether or what confidential/sensitive data may have been exposed, consider what kind of information was stored on your computer or device. Determine if any legally protected, contractually restricted, or CSUMB confidential information was stored or handled on the computer or device. If so, notify these entities. If you believe that any sensitive data existed, notify the Chief Information Officer immediately.
2. Submit an Optimize Case to report the loss to the Information Technology. Include the location where the device was lost and asset information.If you are unable to submit a service ticket, call the IT Help Desk at (831) 582-4357 to report the theft.
3. Report the loss to the CSUMB Property department.
4. Employees should notify their manager of the loss.

Roles and responsibilities:

• Any employee that is the assigned custodian of a University-owned asset that is lost/stolen is responsible for following the reporting procedure.
• The Director of Technology Support Services will review/investigate all reported lost or stolen devices to determine potential data loss.
• IT will update their asset records and check the status of the device in an attempt to find, recover, or render the device inoperative.
• Property will validate the age, value, asset and serial numbers of lost or stolen devices and update their records.

Reminder: Saving all documents to the cloud instead of your computer can be a lifesaver, especially if you are having an issue with your computer.

Here are some tips on making the most of your new computer:

Setting Up Your Computer:

• Unbox/unpack the new computer from its packaging and set it up by following the step-by-step instructions provided by the manufacturer (usually on a fold-out poster or in a thin booklet).
• Do not to use your CSUMB email as the recovery email when setting up a Microsoft or Apple account, since you might lose access to that email after leaving CSUMB, which could prevent account recovery.
• Tips for creating a strong password: use a phrase with mixed letters, numbers, and symbols. Don’t use easy passwords like your birthday, 'password', or '1234'.
• When possible, use a separate login from your administrator username/password for the day-to-day operations of your computer.

Maintaining Your Computer & Software: 

• Always keep your operating system updated as well as your applications.
• Keep your machine protected by using anti-virus software and keep that software up-to-date. The campus uses Sophos and you can get it free from the Free/Discounted software page.
• Speaking of free software, you can also get a lot of cool Free & Discounted Software for your computer from CSUMB.

Good Practices:

• We recommend using separate browser profiles or private browsing to keep school and personal accounts separate, especially when using both a personal Gmail and a csumb.edu account.
• It's good to let the battery on your laptop drain. Do not keep it plugged in constantly or you risk reducing your battery's lifespan.
• Reminder to back up important files like documents and photos to avoid losing them. Suggests using Google Drive, thumb drives, or cloud services. Warns that file recovery can be expensive and not always successful.
• When your screen needs to be cleaned do not use window cleaner on your screen. Instead use lens wipes or screen cleaners specifically made for electronics.
• Protect laptops and tablets from theft: don’t leave them unattended in public or visible in your car. Use a lock-down kit or store them out of sight, like in a drawer, when not in use.

Overview

This is a quick reference guide for installing and setting up Okta Verify for multifactor authentication on your mobile device. 

Supported Platforms

• iOS (Latest versions recommended)
• Android (Latest versions recommended)

Step 1: Download and Install Okta Verify

Open your device's app store:

• For iOS: Open the App Store.\
• For Android: Open the Google Play Store.

Search for "Okta Verify."
Download and install the Okta Verify app.

Step 2: Set-up your CSUMB account.

• At the list of security factors, select "Set up Okta Verify"
• Complete the setup by following any additional on-screen instructions. It’s common to have to log into your CSUMB account multiple times during this process. 
• When prompted during installation of Okta Verify, secure it with FaceID or passcode for an extra layer of security.

Step 3: Use Okta Verify

Once your account is enrolled, you'll use Okta Verify to authenticate your logins. To switch authentication methods with your CSUMB account tap Verify with something else link at the bottom of the second factor authentication screen. 

Okta Verify has two options for authentication:

• Push notification 
• When prompted to authenticate, you'll receive a push notification on your mobile device.
• Tap the notification.
• Tap "Yes, It's Me" or "No, It's Not Me."
• Enter a code
• Open the Okta Verify app.
• A 6-digit code will be displayed next to your account.
• Enter the code into the login prompt on your computer.

Note: If you use a wearable like an Apple Watch, push notifications allow you to respond from your watch.

Key Tips

• Keep your Okta Verify app updated.
• Do not approve requests to authenticate that you did not initiate.
• Do not share your Okta Verify codes with anyone. 
• Protect your mobile device with biometric authentication (FaceID) or a strong passcode.

Additional Help

• Set Up Okta Verify in Under Two Minutes (YouTube short)
• Call the Technology Help Desk at 831-582-HELP (4357) or visit us in the library.
• Submit an Optimize Case.

Password Security Tips

A reminder that a strong password is your first line of defense against intruders and impostors

Never give out your password

Advice against sharing your password with friends, noting they might accidentally or intentionally misuse it, especially if the friendship ends.

Don’t use the same password for everything

It’s possible that someone working at a site where you use that password could pass it on or use it to break into your accounts at other sites. Keep all passwords unique.

Make the password at least 12 characters long

The longer the better. Longer passwords are harder for thieves to crack.

Use a passphrase

Tip recommending the use of a secure “passphrase” instead of a short password, suggesting a long, memorable string of random words with mixed characters, like YellowChocolate#56CadillacFi$h, while warning against using famous quotes.

Include numbers, capital letters, and symbols

Consider using a $ instead of an S or a 1 instead of an L, or including an & or % – but note that $1ngle is NOT a good password. Password thieves are onto this. But Mf$J1ravng (short for “My friend Sam Jones is really a very nice guy) is an excellent password.

Don’t post it in plain sight

It might seem obvious, but studies have found that a lot of people post their passwords on their monitor with a sticky note. Bad idea. If you must write it down, hide the note somewhere where no one can find it.

Consider using a password manager

Programs or web services for both Windows and Mac let you create a different, very strong password for each of your sites. But you only have to remember one password to access the program or secure site that stores your passwords for you.

Check out our technology tips and resources for students:

• Tips for before you arrive to campus
• Tips for while you are on campus
• Common technology resources

Tips for before you arrive to campus

• Activate your CSUMB account. To do this look for an email from noreply@okta.com in the email account you applied with. Click on the link towards the bottom of the email to activate your account. If your link has expired or you can’t find your activation email, call the Technology Help Desk at 831-582-4357.
• Learn why we use multifactor authentication (MFA) to keep your information safe.
• Check your email regularly. This is CSUMB’s official communication method with you. Don’t fall out of the loop by not checking your email.
• Keep in touch with IT to be the first to know what’s going on. Bookmark our web page csumb.edu/it. Follow us @csumb_it on Instagram. 
• Sign up for OtterAlerts- CSUMB’s emergency notification system to receive text messages during emergency situations.
• Log into MyRaft to engage with other students and keep up to date on what’s going on on campus.
• Check out Career Development’s Otterjobs is the place to look for on-campus jobs.

Tips for on campus

• Connect to CSUMB secure Wi-Fi on your devices. See Network Services: Using the CSUMB Wi-Fi Option for more information.
• Log into your CSUMB dashboard and customize your app order to make it easier for to find the apps you need quickly.
• Log into Canvas for the online components of your classes. There is a link to Canvas in your dashboard apps.
• Log into Google Workspace using the apps on your dashboard including Gmail, Calendar, and Drive. 
• Visit the Technology Help Desk with questions about your account, the technology on campus or help with your personal technology. We are located on the first floor of the Tanimura and Antle Library in the back corner between the Cafe and Reference area.  We are here to help you- so please visit us any time we are open, no appointment necessary.

Common technology resources

• Cooperative Learning Center - Visit the CLC's webpage to learn more about available tutoring (including online tutoring)
• Free & Discounted Software - Download free software including Microsoft 365, Adobe Creative Cloud, virus protection software (Sophos) and other free and greatly discounted titles
• Help with Canvas, Zoom and other campus software - A spreadsheet with a wealth of help available in one place for common student software applications, such as Canvas, Zoom, and other software applications provided by Center for Academic Technologies (CAT)
• Television Line-up - A list of channels available on campus

Not only are you encouraged to visit the Technology Help Desk in the Library, you can call us at 831-582-HELP (4357) Monday - Friday, 8:00 am - 5:00 pm (excluding campus holidays). You can also submit an Optimize case anytime.

CSUMB used a single sign-on service so that you have one username and password for all services. 

Your username (OtterID) is assigned to you. It starts with the first four letters of your last name and contains a randomly assigned four-digit number.

Example: Monty Otter, otterid: otte1234

You will be sent an email from noreply@okta.com that will contain your assigned username as well as a link to create your password and security factor.

You've been phished, what's next?

You clicked on the link in that email and provided some information, but now you're thinking you've been scammed. Here's what to do if you think you've been phished. 

1. Change all your passwords, even ones not used by the hacker.
2. If you gave your credit card information cancel your card or freeze your card as soon as possible.
3. Scan your device for viruses – clicking malicious links can instigate silent downloads of malicious software like keystroke loggers that work behind the scenes.
4. Contact the company the email was spoofed (copied) from to ask if there are any suggestions they have or free credit monitoring for phishing incidents.  
5. Watch out for warnings of identity theft and put a fraud alert on your credit account and social security number.