How IU protects compromised accounts

On this page:


Upon receiving an incident report, the University Information Policy Office (UIPO) Incident Response team will follow the procedures outlined in ISPP-26: Information and Information System Incident Reporting, Management, and Breach Notification. As a general practice, the UIPO will attempt to immediately sever access by any unauthorized users to the compromised Indiana University network accounts or resources.

Passphrase scrambling

  • The UIPO may scramble the IU passphrases associated with the affected accounts. Scrambling a passphrase changes it blindly so that it is unknown even to the person who executed the scramble.

    If your passphrase was scrambled, you may be able to reset it; see Reset your IU passphrase.

    • Although the UIPO may scramble passphrases, the UIPO does not reset them. You must initiate a passphrase reset through the UITS Support Center.
    • No one at IU will ever ask you for your IU passphrase.
    • The UIPO will not log into your email account to redirect email.

Block network access

  • The UIPO may disable or block network access as needed for security reasons or policy violations, such as failure to prevent or clean up after a virus infection or a network compromise, or failure to remove copyrighted materials after a Digital Millennium Copyright Act (DMCA) violation.

    To get your network access re-enabled, see If your network access has been disabled by UIPO or UISO.

    If your account passphrase has been scrambled, you will not be able to log in to complete a self-service unblock.
  • The UIPO will attempt to alert you and associated IT Pros to the security issue.


For more about account security, see Protect IU's Online Safety & Security. Always follow best practices for computer security.

This is document adum in the Knowledge Base.
Last modified on 2019-02-14 15:12:30.

Contact us

For help or to comment, email the UITS Support Center.