How IU protects compromised accounts

On this page:


Overview

Upon receiving an incident report (for more, see Report an incident ), the University Information Policy Office (UIPO) Incident Response team will follow the procedures outlined in Information and Information System Incident Reporting, Management, and Breach Notification (ISPP-26). As a general practice, the UIPO will attempt to immediately sever access by any unauthorized users to the compromised Indiana University network accounts or resources.

Passphrase scrambling

The UIPO may scramble the IU passphrases associated with the affected accounts. Scrambling a passphrase changes it blindly so that it is unknown even to the person who executed the scramble.

If your passphrase was scrambled, you may be able to reset it; see Reset your IU passphrase.

Important:
  • Although the UIPO may scramble passphrases, the UIPO does not reset them. You must initiate a passphrase reset through the UITS Support Center.
  • No one at IU will ever ask you for your IU passphrase.
  • The UIPO will not log into your email account to redirect email.

Block network access

  • The UIPO may disable or block network access as needed for security reasons or policy violations, such as failure to prevent or clean up after a virus infection or a network compromise, or failure to remove copyrighted materials after a Digital Millennium Copyright Act (DMCA) violation.

    To get your network access re-enabled, see If your network access has been disabled by UIPO or UISO.

    Note:
    If your account passphrase has been scrambled, you will not be able to log in to complete a self-service unblock.
  • The UIPO will attempt to alert you and associated IT Pros to the security issue.

Learn more

For more about account security, see Protect IU's Online Safety & Security . Always follow best practices for computer security.

This is document adum in the Knowledge Base.
Last modified on 2019-12-18 13:24:18.

Contact us

For help or to comment, email the UITS Support Center.