Monitor login activity for your personal or group account
On this page:
- Monitor login attempts for your personal or group account
- Interpret login attempt data
- Respond to suspicious login activity
Monitor logins attempts for your personal or group account
To view all the content available to you here, use the green log into the Knowledge Base.
button at the top of this page toThe UISO Incident Response Webservice provides tools for monitoring login attempts for active personal and group computing accounts at IU:
- Email notifications: You can set up email notifications to alert you (and, optionally, your department's IT Pro) anytime someone tries to log in using the IU username associated with your personal or group account.
- Login history: You can view a 60-day history of login attempts for your account across several UITS services.
To access these tools:
- Log into the Login Activity & Subscription Options page using the personal or group username you want to monitor, and the corresponding passphrase.
- To set up email notifications:
- Send daily emails: Select to receive daily notices about your account's login activity.
- Send emails for non-US logins: Select to receive email notices whenever your account is logged into from a location outside the US.
- CC departmental IT staff: Select to send copies of your email notices to your department's IT staff.
- CC another email address: Select to send copies of your email notices to a specific email address; enter the email address in the provided text field.
To save your selections, click
. - To view your account's login activity over the past 60 days, in the table below the email options, click the tabs to view data for the following UITS services:
- Active Directory) (
- IU Login) (
- Duo) (
- SMTP server) (IU
- Outlook on the web) (
- IU VPN) (
- federated services, such as IUware and Canvas) (
If you are unable to log into the "Login Activity & Subscription Options" page, send mail to it-incident@iu.edu
for help.
Interpret login attempt data
Each tab in your account login history shows the most recent activity for a particular service, sorted from newest to oldest.
The columns on each tab contain the following information:
- Timestamp: The date and time of each login attempt; timestamps are listed in 24-hour format and are in Eastern Time (ET)
- IP: The IP address assigned to the device that attempted each login
- Type: The success (
auth
) or failure (failed
) of each login attempt - Country: The country of origin for each login attempt; a
?
(question mark) means this information was not available
Discovering a single failed
login attempt on your account is most likely not cause for concern. Individuals frequently make innocent typing mistakes (for example, adding, omitting, or mistyping characters in their usernames) when logging into their accounts. For instance, if user qborgana
mistakenly enters borgana
while trying to log into One.IU, the error would register in the system as a failed login attempt for borgana
and end up listed as such in that user's login history.
However, discovering a repeated pattern of failed
login attempts may be cause for concern. In such cases, you should examine the timestamps for each attempt.
Respond to suspicious login activity
If the timestamps or other factors associated with repeated failed login attempts seem suspicious, someone malicious may have been attempting to log into your account. In such cases, take immediate action:
- Change the appropriate passphrase: For instructions, see Change your IU passphrase. For guidelines on creating a strong passphrase, see Your IU passphrase.
- Report the incident to UISO: Email the following information to
it-incident@iu.edu
:- The username of the personal or group account with the failed login attempts, plus the name of the tab on which the failed login attempts are listed (for example,
borgana
on SSL VPN) - The timestamps associated with the suspicious failed login attempts
- The reason you think these login attempts are suspicious
Note:Do not include the names of individuals you suspect of trying to access your account. The UISO will request this information, if necessary. - The username of the personal or group account with the failed login attempts, plus the name of the tab on which the failed login attempts are listed (for example,
This is document acsj in the Knowledge Base.
Last modified on 2022-11-10 10:24:53.