The Digital Governance Unit (DGU) has taken all necessary measures to ensure the security of the provided services. Whenever you are prompted to use your institutional user account credentials (username/password), the process is carried out securely through encrypted communication.

However, please pay close attention to the following:

Keep Your Computer Secure

1. Keep your Operating System and core applications up to date.
2. Regularly update your antivirus software and other security tools.
3. Perform regular backups of your files to external storage devices. After backing up, disconnect these devices from your computer to protect against ransomware that can encrypt or destroy files on all connected devices.
4. Use strong passwords for your operating system (e.g., Windows), including a minimum of 8 characters with a combination of letters, numbers, and symbols.
5. Disable unused services, such as the outdated SMBv1 protocol, to reduce security risks.
6. Shut down your computer when it is not in use.

Always Be Cautious When Entering Your Password

1. Do not enter your institutional user account password anywhere except on official auth.gr websites.
2. Your computer must have an up-to-date operating system and installed antivirus software. Otherwise, there is a risk that malicious software could steal your password and perform unauthorized actions without your knowledge.

Do not blindly follow hyperlinks from emails or websites.

1. Be cautious to verify that hyperlinks direct you to the actual website they claim. Whenever possible, type the website address manually before entering your credentials. Add frequently used sites to your browser’s bookmarks or favorites for easy and secure access.
2. The address bar should begin with “https”.
3. A security indicator (such as a padlock icon) should be visible in the address bar of your browser, confirming a secure connection.

5 Ways to Protect Your Password

1. Never disclose your institutional account password to third parties.
2. Do not send your password via email unless the message is encrypted, nor share it during any phone calls.
3. Your institutional user account is personal; using it by others poses risks since all electronic activity is linked to you as the official account holder.
4. Change your institutional account password periodically.
5. If you have any doubts about whether a service or website is authorized to request your institutional password, contact them through their official communication channels before providing your credentials.

If you suspect that the password of your institutional account has been compromised, visit https://myaccount.auth.gr/ immediately and select My institutional account > Change password to update it, or contact us directly without delay.

Protect Yourself from Phishing Emails

1. Always examine email messages with caution, as the sender’s identity can be easily forged—just like with regular postal mail.
2. Do not reply to emails or visit suspicious websites that ask for your password.
3. Scammers often use copies of official websites and ask users to provide their institutional account credentials. These phishing attempts usually come via email and often contain many spelling mistakes. The messages may be written in English or, if in Greek, contain grammatical errors.
4. No organization (e.g., AUTH, banks) will ever send an email requesting users to reply with their password.
5. Check emails carefully for spelling or grammatical errors. Such mistakes should raise your suspicion about the message’s authenticity.

However, there are also services provided by the (DGU) that are not available through websites.

• Email management via secure IMAP (IMAPS) on the server mail.auth.gr
• Email management via secure POP3 (POP3S) on the server mail.auth.gr
• Management of personal storage space
• Use of Windows computers in educational labs
• Wireless connection to one of AUTH’s infrastructure wireless networks
• Network connection through shared Ethernet ports on the AUTH campus

These services are always provided securely through encrypted communication. Just make sure to follow the Digital Governance Unit’s (DGU) usage instructions for each service.

• What is the OTP requested by the idm.auth page

  Certain Digital Governance Unit services websites require additional authentication (two-factor authentication - 2FA) when logging in with institutional account details. Indicatively, the following websites are mentioned:

  • https://myaccount.auth.gr (institutional account management portal),
  • https://lists.auth.gr (email list service).

  The above requirement has been added for security reasons.

  If you have not configured 2FA on these pages, then the next time you connect, you will need to follow the instructions that appear. The steps are described in detail in the manual https://it.auth.gr/manuals/2fa-myaccount/.

  The configuration is done once and applies to all websites of the DGU services that require two-factor authentication (2FA).

  After configuration, at regular intervals when you attempt to connect to one of these specific websites, you will need to provide the one-time verification code (One Time Password - OTP) that appears in the account idm.auth.gr:AUTH.GR/<username> of the application you configured on your mobile phone or other smart device.