Indiana University
University Information Technology Services
  
What are archived documents?
Login>>
Login

Login is for authorized groups (e.g., UITS, OVPIT, and TCC) that need access to specialized Knowledge Base documents. Otherwise, simply use the Knowledge Base without logging in.

Close

What should I do if someone else has been trying to log into my account?

Unfortunately, it is extremely difficult for UITS to know who is trying to access your account at Indiana University if the individual responsible is using your username and passphrase. However, as long as you keep your passphrase secret and change it frequently, your account should be safe.

People sometimes report security breaches to the Support Center erroneously, often due to a misunderstanding regarding the recorded time of their most recent login. This can be due to a system's use of the 24-hour clock, or even Greenwich Mean Time (GMT) instead of Eastern Time (EST or EDT).

On the other hand, you might see something like:

Last unsuccessful login for dvader: Fri Dec 14 12:35:24 2004 on ttyq1

The word "unsuccessful" means that someone has attempted to use your username to log in, but used the wrong passphrase. In combination with the time of the "Last successful login" message, you may be able to determine whether someone succeeded in guessing your passphrase.

Sometimes people make typing mistakes, maybe adding or omitting a letter in their usernames when logging in. For example, jxsmith might erroneously enter jsmith when prompted for a username. The next time the real user jsmith attempts to log in, it will appear that someone has attempted to log into that account. In this case, jxsmith was not attempting malicious or illegal behavior, but rather is guilty of simple human error.

If you suspect that someone has guessed your password or passphrase and logged into your account:

  1. Change your password or passphrase immediately. For help, see At IU, how do I change or synchronize my Network ID passphrase? Choose a passphrase that is difficult to guess. To see guidelines for selecting a good passphrase, see Passwords and passphrases.

  2. Report the following information to  it-incident@iu.edu :

    • Which account(s) you believe was/were broken into, including your username and system, e.g., dvader on IU Webmail
    • The time(s) that you believe your account was compromised
    • Why you think your account was compromised

      Note: Do not include any names of individuals you suspect may have accessed your account(s). The University Information Security Office (UISO) at IU will request this information if it is needed.

For maximum security, change your passphrase frequently. Also, remember that it is against IU policy to share your passphrase or accounts with others, or to use another person's username and passphrase, even if the account owner gave them to you.

This is document acsj in domain all.
Last modified on May 13, 2009.

Comments/Questions/Corrections

Use this form to offer suggestions, corrections, and additions to the Knowledge Base. We welcome your input!

If you are affiliated with Indiana University and would like assistance with a specific computing problem, please use the Ask a Consultant form, or contact your campus Support Center.

Contact Information

Note: We will reply to your comment at this address. If your message concerns a problem receiving email, please enter an alternate email address.