A day in the life of securing your digital identity on campus
Published: October 28, 2025
For the final week of Cyber Security Awareness Month 2025, we are shining a spotlight on the importance of protecting your digital identity. From the moment you apply to the University of Toronto, to your first TCard swipe, to your eventual graduation or departure, your digital identity defines how you access resources, collaborate and stay connected.
Beyond keeping your passwords and banking information private, there are so many chances throughout your day to protect your information — or to accidentally leave it exposed. Let’s spend a day together on campus to explore how small actions can make a big difference to your security.
Swiping into the library
You arrive on campus and head to the library or your office. You swipe your Tcard to enter. Behind that quick swipe is a secure system verifying your identity and logging your access. Your TCard isn’t just a means to let you into a building — it’s a digital key that connects you to university systems.
Never share your TCard or UTORid with classmates or colleagues, as sharing credentials puts you and the university at risk. Your unique digital identity will continue to evolve and follow you as you take on new roles throughout your time at the university.
Connecting to campus Wi-Fi
You stop by your favourite cafeteria on campus for lunch and open your phone to scroll. You notice two Wi-Fi options: one from the university and one from the shop next door. Choosing the right network matters.
Always connect to the UofT or eduroam networks and never share your login credentials with anyone. University-provided networks like UofT or eduroam use encryption to keep your connection secure. Open networks can expose your credentials and data to anyone nearby.
Email check
You check your email inbox and see, “Your account will be deactivated tonight unless you click here.” Phishing emails disguised as campus notices or financial aid alerts are common in university inboxes.
If you suspect an email is malicious, do not engage with any links or attachments. Make sure to report it using the U of T Phishing Button or by forwarding it to report.phishing@utoronto.ca. For tips on how to spot a phish, visit the Phishing 101 article.
Setting up new accounts
You set up an account on a new university tool and use the same password you use for all your online accounts. It’s convenient but very risky. If one of your accounts is compromised, that reused password can give attackers access to many others.
Use a password manager like 1Password, which is free for all U of T students, staff and faculty, to help generate unique passwords and store them securely.
Multi-factor authentication notification
You receive a Duo notification to your phone for UTORMFA. MFA verifies your identity using a second factor, like a mobile device, to ensure that only you can log in to your account. Attackers sometimes send fraudulent MFA push requests to trick you into approving a login you didn’t initiate — also known as MFA fatigue.
Always check the location before approving a Duo notification. If it doesn’t look familiar or if you don’t remember signing into anything that requires MFA, deny and report the request. Learn more about avoiding MFA scams.
Your U of T digital identity doesn’t end when you graduate as a student. Many alumni return as graduate students, staff or continuing education learners and reactivate parts of their university access along the way. Maintaining strong habits now, such as using MFA, safeguarding credentials and securing passwords, ensures that your identity remains trusted and ready to evolve with you throughout your journey.
