Monitor login activity for your personal or group account

On this page:

Monitor logins attempts for your personal or group account


To view all the content available to you here, use the green Log in button at the top of this page to log into the Knowledge Base.

The University Information Security Office (UISO) has automated processes that identify a significant portion of unauthorized account access without users' involvement. Keeping your passphrase secret and using Two-Step Login (Duo) are the best ways to keep your Indiana University accounts secure.

The UISO Incident Response Webservice provides tools for monitoring login attempts for active personal and group computing accounts at IU:

  • Email notifications: You can set up email notifications to alert you (and, optionally, your department's local UITS support person) anytime someone tries to log in using the IU username associated with your personal or group account.
  • Login history: You can view a 60-day history of login attempts for your account across several UITS services.

To access these tools:

  1. Log into the Login Activity & Subscription Options page using the personal or group username you want to monitor, and the corresponding passphrase.
  2. To set up email notifications:
    • Send daily emails: Select Yes to receive daily notices about your account's login activity.
    • Send emails for non-US logins: Select Yes to receive email notices whenever your account is logged into from a location outside the US.
    • CC departmental IT staff: Select Yes to send copies of your email notices to your department's IT staff.
    • CC another email address: Select Yes to send copies of your email notices to a specific email address; enter the email address in the provided text field.

    To save your selections, click Submit.

  3. To view your account's login activity over the past 60 days, in the table below the email options, click the tabs to view data for the following UITS services:

If you are unable to log into the "Login Activity & Subscription Options" page, send mail to for help.

Interpret login attempt data

Each tab in your account login history shows the most recent activity for a particular service, sorted from newest to oldest.

The columns on each tab contain the following information:

  • Timestamp: The date and time of each login attempt; timestamps are listed in 24-hour format and are in Eastern Time (ET)
  • IP: The IP address assigned to the device that attempted each login
  • Type: The success (auth) or failure (failed) of each login attempt
  • Country: The country of origin for each login attempt; a ? (question mark) means this information was not available

Discovering a single failed login attempt on your account is most likely not cause for concern. Individuals frequently make innocent typing mistakes (for example, adding, omitting, or mistyping characters in their usernames) when logging into their accounts. For instance, if user qborgana mistakenly enters borgana while trying to log into One.IU, the error would register in the system as a failed login attempt for borgana and end up listed as such in that user's login history.

However, discovering a repeated pattern of failed login attempts may be cause for concern. In such cases, you should examine the timestamps for each attempt.

Respond to suspicious login activity

If the timestamps or other factors associated with repeated failed login attempts seem suspicious, someone malicious may have been attempting to log into your account. In such cases, take immediate action:

  1. Change the appropriate passphrase: For instructions, see Change your IU passphrase. For guidelines on creating a strong passphrase, see Your IU passphrase.
  2. Report the incident to UISO: Email the following information to
    • The username of the personal or group account with the failed login attempts, plus the name of the tab on which the failed login attempts are listed (for example, borgana on SSL VPN)
    • The timestamps associated with the suspicious failed login attempts
    • The reason you think these login attempts are suspicious
    Do not include the names of individuals you suspect of trying to access your account. The UISO will request this information, if necessary.

This is document acsj in the Knowledge Base.
Last modified on 2024-04-15 16:42:22.