How IU protects compromised accounts

On this page:

Overview
Passphrase scrambling
Block network access
Learn more

Overview

Upon receiving an incident report (for more, see Report an IT incident ), the University Information Security Office (UISO) Incident Response team will follow the procedures outlined in Information and Information System Incident Reporting, Management, and Breach Notification (ISPP-26). As a general practice, the UISO will attempt to immediately sever access by any unauthorized users to the compromised Indiana University network accounts or resources.

Passphrase scrambling

The UISO may scramble the IU passphrases associated with the affected accounts. Scrambling a passphrase changes it blindly so that it is unknown even to the person who executed the scramble.

If your passphrase was scrambled, you may be able to reset it; see Reset your IU passphrase.

Important:

Although the UISO may scramble passphrases, the UISO does not reset them. You must initiate a passphrase reset through the UITS Support Center.
No one at IU will ever ask you for your IU passphrase.
The UISO will not log into your email account to redirect email.

Block network access

The UISO may disable or block network access as needed for security reasons or policy violations, such as failure to prevent or clean up after a virus infection or a network compromise, or failure to remove copyrighted materials after a Digital Millennium Copyright Act (DMCA) violation.
To get your network access re-enabled, see If your network access has been disabled by UISO.

Note:

If your account passphrase has been scrambled, you will not be able to log in to complete a self-service unblock.
The UISO will attempt to alert you and associated local UITS support people to the security issue.

Learn more

For more, see Information Security and Policy. Always follow best practices for computer security.