IT-News

Passphrases and Workday

Workday Project Begins

It’s been over a year now since we started our Cloud ERP Project, which is now the Workday project. Over the next 3 years, Augsburg will be changing its primary information system (called Unit4 or the software formerly known as Agresso). This change will involve moving from our current campus-based Enterprise Resource Planning (ERP) system with numerous third-party systems to a unified, cloud-based ERP system, Workday, with fewer third-party systems. The change will happen in phases, with HR and Finance changing first, by January 2027.

This is a complex, multi-year, campus-wide project that changes how we manage student records, registration, human resources, finances, and more. Simply put, how you interact with Augsburg as a student or employee will be changing and improving once we have made the change. How you register for classes, record time worked and time off, submit grades for your courses, and so on—all will be modernized and, ideally, improved.

The last decision in the process has been made which is to partner with Avaap to help us move to Workday. Avaap was founded in 2001 and has been doing Workday implementations for 7 years. Their higher education team is made up of former higher education professionals who have an average of 22 years higher education experience.

The project page has been updated to have a place for us to note the project status. As we get started with Avaap the project timeline will be updated. The HR and Finance parts of Workday will come online at the start of 2027 and the Student part will be fully in use by the fall of 2028. During 2026, the Finance, HR, and the IT ERP teams will be working on this project which will result in the daily work done by them slowing down and taking longer than before. So everyone should expect slower response times from HR, Finance and Erin and Kathy. Please grant them grace as this project will consume a sizable part of their weekly time.

Passphrases

Passphrases are coming! This is a good thing for both security and remembering our logins.

What is a passphrase?

It is a longer and more secure alternative to a traditional password. Our current password policy has only an 8 character minimum and a bunch of requirements around numbers, symbols, and upper/lower-case. With a move to a passphrase what matters is length, 16 characters minimum, and longer is better. Use whatever characters you want. Most people string a bunch of words together like “wind Denver lock wave road Jeff.”

Why is it better for me?

Beyond hopefully being easier to remember, because we have Duo now for a second factor of authentication, we will no longer require annual changes for “average” accounts. These are the majority of students and faculty. I’ll repeat that, most students and faculty will not have to change their passphrases anymore. People who access institutional data as part of their job (staff advisors, chairs, certain student workers, etc.) will still need to change annually. And if you do fall for a phish and share your passphrase you’ll need to change it.

Why are we changing?

First, passphrases are considered best practice these days. The old rules of complex passwords and frequent required changes resulted in people picking worse passwords. We want to align with best security practices and improve the experience for much of the campus community.

When are we changing?

We’re planning on May to change the requirements on passwords (now called passphrases). The new requirements will be the passphrases needs to be a minimum of 16 characters long and you may use whatever you want for characters. We will not force everyone to change their passwords to passphrases at one time. The new requirements will be in effect in May so when you update your password the new requirements will be in effect (communication coming at that time).

But I have a question….

Hang tight. We’ll have more information and a FAQ coming in the next 2 months.

Happy 2026! A look back at phishing and scams in 2025

Many Email Scams in 2025

With so many retrospectives on 2025 being published, this seems like the time to look back on the increased number of phishing attacks or money scams targeting the campus this past year. We had so many more scams in 2025 than I’ve ever seen in my 25 years at Augsburg. Here’s some reminders of scams I remember.

Fake job scam in April
Fake Involuntary Termination scam in April
Fake account verification scam in May
Phone payment scam in May
Fake research job in August
Fake payroll and benefits scam in August
Fake internship in September
Fake MacBook sale scam in September
Fake research job in November
Fake items for sale in December

Red Flags

With all of these scams, there are several red flags to look for. Keep in mind that no single red flag is definite that something is a scam. But if the flags are adding up that should increase your suspicion. Some examples are

A deal that seems too good to be true. It often is fake.
A deal that is unexpected or not the norm. There is a classifieds section of amail for selling things.
A deal that wants payment through an app or bank transfer or text.
People or names of departments are referenced that are not recognized.
Language that sounds a little off.
A sense of urgency requiring your action quickly.
A link to a website that requires a login or is a form that is asking for your password.
A From email address that is outside of Augsburg.

With all of these red flags, there are ways for scammers to seem legitimate.

With AI and information on our website, scammers can write emails that sound quite real and reference real people.
With phishing attacks, a phishing victim’s account can be used by a scammer to send more emails adding to the look of legitimacy.
Copying the look (branding) of an Augsburg site is not hard to do. Always pay attention to the URL (address) too.

What should I do if I get scammed?

If money is involved, the FTC has some recommendations to try to get it back.
If you entered your password on any form or strange looking website, immediately change it on Inside Augsburg. Never approve any Duo pushes you weren’t expecting or have a strange location.
If you started texting with the scammer, block the number.
Mark the scam email as spam or phishing to train Google. Many scams are now going straight to spam and not reaching your InBox.
Students can contact the Tech Desk for help. Faculty and Staff can contact their LFC.

Disabled Accounts

Keep in mind that if we detect or if Google detects that your account has been compromised from a phish we will disable your account as quickly as we can to prevent more phishing or scam emails. What you’ll experience is that you are suddenly signed out of your account and your password doesn’t work. You’ll need to contact us (Tech Desk or LFCs) to regain access to your account. We will verify your identity before unlocking the account.

General Advice

The most general advice I can give you is slow down, read something more than once, and let it sit before acting. Trust your gut – if something smells phishy it likely is a scam or phish.

Summary of May 16 – 18 network outage

The link below will take you to a secured Google Doc with a summary of the issue. Since this describes our internal campus network it should not be available to the general public.

Summary of May 16-18 network outage.

Changes Coming to Augsburg’s Information Systems

Hello Augsburg students, faculty, and staff,

Over the next 4–5 years, Augsburg will be changing its primary information system (called Unit4 or formerly Agresso). This change will involve moving from our current campus-based Enterprise Resource Planning (ERP) system with numerous third-party systems to a unified, cloud-based ERP system.

This is a complex, multi-year, campus-wide project that involves how we manage student records, registration, human resources, finances, and more. Simply put, how you interact with Augsburg as a student or employee will be changing and improving once we have made the change. How you register for classes, record time worked and time off, submit grades for your courses, and so on—all will be modernized and, ideally, improved.

Such a change can be both exciting and daunting for people so we intend to support you in this transition with plenty of information, communication, and campus engagement as the project moves forward. The first steps will be to document business processes and engage key functional areas in preparation for campus visits by potential vendors this spring.

On the project web page you’ll find information on project timeline, decision process, and project goals. That project page will grow and expand over time. If you have any questions about the project please feel free to reach out to me at any time.

– Scott Krajewski ’94, ’21 MBA
AVP for IT

LastPass breach

What Happened?

On December 22, 2022, LastPass announced that they had a data breach a few months earlier. LastPass is a password management software that 25.6 million people use to store their passwords. The password vaults of many people were stolen. This Wired article goes into more details.

What Does This Mean?

If you use LastPass to store your passwords it is possible that your password vault was stolen. The vault is encrypted and individual passwords in the vault are also encrypted. If someone is able to crack your vault password they could see the contents of your vault, minus the actual passwords. This means they could also access your current LastPass vault unless you have additional protections (two-factor authentication) in place.

Though your individual passwords are further encrypted, the websites and usernames are not encrypted in the vault. This means someone would know you have a login to a given website and what your username is. That is enough information to target high-value sites like banking, paypal and so on.

What Should I Do?

If you are a LastPass customer, you should

Change your LastPass vault password.
Turn on two-factor authentication for your LastPass account.
Change passwords on your high value (i.e. financial) logins that were stored in LastPass. Ideally change all passwords that were stored in LastPass.
Consider if you want to switch to another password manager. There are many other products and exporting and importing passwords. This Wired article reviews several products.

What Does IT Think?

We think using a password manager is a great way to use complex passwords and make them easy to use. Most password managers have a web browser plugin so they work with a few clicks and no typing. This is a good reminder that any company is vulnerable to a breach, even a company that offers a security product. Because of this breach we no longer recommend LastPass as an option. We do recommend using a password manager. Again, the above wired article reviews some options and you can make a choice that fits your needs and budget.

End of January moodle enrollment issue

On the weekend of January 29, 2022 we encountered an issue with the enrollment update from Agresso. The result was everyone was dropped and added back into their courses which has had impact on group membership and grade data for some activities. Fortunately, most grade data was not impacted, and we are exploring options to recover any grade data for those limited activities that were affected.

I am very sorry for the issue and want to assure you we’ve taken steps to prevent a similar issue in the future. We are still determining the root cause of the issue and have measures in place to prevent a recurrence until that root cause is addressed. Moodle enrollment is now back to being updated nightly (whereas before it was every 3 hours).

Faculty having questions or needing assistance can contact their Academic LFC and Bonnie Tensen.

Google Maps is back

You may have recently received an error message when trying to access Google Maps while logged into your Augsburg account. It appears that while it may have been previously available, Augsburg did not have Google Maps turned “On” as a non-core app available for Augsburg.edu accounts. A likely change by Google seems to have corrected what they would see as unintentional access. During our investigation, we have kept the service “Off.”
This change by Google also affected other Educational institutions that use Google Workplace services, and not just Augsburg.

Now we’ve turned it “On.” This is a good time to remind you that Google Maps does not fall under our Education terms of service so the privacy protections are the same as the consumer Google tools. Our Core Apps (Gmail, Calendar, Drive) fall under an education terms of service that includes FERPA protections. We have a web page that explains all of this.

In other words, non-core apps like Google Maps will collect data like the consumer Google products so be aware of that. And we recommend not requiring students to use any non-core apps for coursework since there aren’t FERPA protections like those that exist for core Google Workspace Apps.

Gmail’s increased gray notification boxes about spam

We’ve been seeing more notifications in Gmail that a “message was not sent to Spam based on your organization’s settings.”

Grey box from Gmail

This is likely due to either the overall Gmail spam filter or your personal spam filter becoming more aggressive based on what its learning.

We have configured Augsburg’s Gmail to not flag messages between Augsburg people as spam. So Gmail thinks the message may look like spam but we’ve told Gmail that email between Auggies is not spam.

The spam ecosystem is constantly changing and the Gmail spam filter is constantly learning as spam changes. These changes are normal and we always monitoring for ways we can make the email experience better.

Fall WiFi issues update 11/05/2020

What’s going on this week

We’re in a “watch and wait” mode now. We’re going to rely on feedback from students contacting the Tech Desk or using our WiFi reporting form to see if the experience is better. In the last week we’ve had 1 report using the WiFi reporting form. We’ve had a handful of students contact the Tech Desk in the past week and we’re following-up on those issues. Thanks for contacting us!

Since we don’t know exactly what the problem is we can’t check a specific metric or measurement to know if we’ve made an impact (recall we have little data from students so we’re making assumptions as to what may be the cause based on what we’ve heard from Gustavus and IT email lists).

What’s planned for next week

We’re still in a “watch and wait” mode.

Fall WiFi issues update 10/28/2020

What’s going on this week

On Monday at 5AM we updated the WiFi software and adjusted the WiFi settings in the remaining dorms – Urness, Mortensen, Anderson, and Luther.

What’s planned for next week

We’re in a “watch and wait” mode now. We’re going to rely on feedback from students contacting the Tech Desk or using our WiFi reporting form to see if the experience is better. Since we don’t know exactly what the problem is we can’t check a specific metric or measurement to know if we’ve made an impact (recall we have little data from students so we’re making assumptions as to what may be the cause based on what we’ve heard from Gustavus and IT email lists).

Reporting Form

Responses have slowed on our WiFi reporting form. Please keep using it as it will help us determine if the dorm updates have made a difference. When we don’t hear anything we then assume things are going fine.