If I give my passphrase to someone else who uses my account to send a harassing email message, will I be held responsible?
The following is an official policy statement from the University Information Policy Office at Indiana University.
Your Network ID is provided for your personal use. Network IDs provide access to a wide range of services that are restricted for use by you personally (such as grades, address information, bursar bill, salary, and benefits) or are restricted for use by members of the university community (dial-in and library services). If you share your usernames and passphrases with family members, friends, or roommates, then you are giving them access to services they are not authorized to use.
Passphrases assigned to individuals for the purpose of access to IU technology resources are not to be shared for any reason with anyone. Unless the passphrase was obtained by another person through the exploitation of system security exposures or via other circumstances outside of the user's control, computer account owners will be responsible for actions taken from their computer accounts.
- If you suspect that someone may have discovered your passphrase, change it immediately. Then contact
email@example.com. People can often guess passwords based on knowledge of you or your interests, or they can run programs to find easy passwords. You must choose a strong passphrase to best protect your IU accounts. For further information, see How can I tell if someone else has been trying to log into my account, and what should I do about it?
- Do not share your passphrase with anyone. If you share your passphrase, others will also have access to all of your personal information. They may even embarrass you by sending email or posting to an online forum in your name, or posing as you in a chat session. This is not uncommon, and several very serious cases of this occur each semester. If you have authorization to access institutional data as a staff member or faculty member, someone who obtains your access could view or even modify sensitive information, potentially violating an individual's or the university's privacy, or even the law. For further information, see What is sensitive data, and how is it protected by law?.
If you need to allow someone else to access your Exchange mailbox, you can assign access to that individual using the delegate feature within Outlook. This allows you to grant access to your email account only without divulging your passphrase to anyone. For further information about this option, see In Outlook for Windows, how do I make other users delegates so that they can send email on my behalf?
- Do not use anyone else's passphrase. Using someone else's passphrase to access services or data can be considered computer trespass or tampering, a Class B Misdemeanor and a Class D Felony (respectively), should the account holder or IU choose to pursue such charges. Even if the account owner gives you a passphrase, you must not use it to access the account.
For more information about the proper use of your computer account, see IU IT Policy IT-02, Misuse and Abuse of Information Technology Resources.
Last modified on August 21, 2012.