ARCHIVED: Your responsibility if you give your passphrase to someone who sends harassing email from your account

This content has been archived, and is no longer maintained by Indiana University. Information here may no longer be accurate, and links may no longer be available or reliable.

The following is an official policy statement from the University Information Policy Office (UIPO) at Indiana University.

Your Network ID is provided for your personal use. Network IDs provide access to a wide range of services that are restricted for use by you personally (such as grades, address information, bursar bill, salary, and benefits) or are restricted for use by members of the university community (dial-in and library services). If you share your usernames and passphrases with family members, friends, or roommates, then you are giving them access to services they are not authorized to use.

Passphrases assigned to individuals for the purpose of access to IU technology resources are not to be shared for any reason with anyone. Unless the passphrase was obtained by another person through the exploitation of system security exposures or via other circumstances outside of the user's control, computer account owners will be responsible for actions taken from their computer accounts.

  • If you suspect that someone may have discovered your passphrase, change it immediately. Then contact it-incident@iu.edu. People can often guess passwords based on knowledge of you or your interests, or they can run programs to find easy passwords. You must choose a strong passphrase to best protect your IU accounts. For further information, see Monitor login activity for your personal or group account.
  • Do not share your passphrase with anyone. If you share your passphrase, others will also have access to all of your personal information. They may even embarrass you by sending email or posting to an online forum in your name, or posing as you in a chat session. This is not uncommon, and several very serious cases of this occur each semester. If you have authorization to access institutional data as a staff member or faculty member, someone who obtains your access could view or even modify sensitive information, potentially violating an individual's or the university's privacy, or even the law. For further information, see About sensitive data at IU.

    If you need to allow someone else to access your Exchange mailbox, you can assign access to that individual using the delegate feature within Outlook. This allows you to grant access to your email account only without divulging your passphrase to anyone. For more about this option, see Allow others to send mail on your behalf in Outlook for Windows.

  • Do not use anyone else's passphrase. Using someone else's passphrase to access services or data can be considered computer trespass or tampering, a Class B Misdemeanor and a Class D Felony (respectively), should the account holder or IU choose to pursue such charges. Even if the account owner gives you a passphrase, you must not use it to access the account.

For more about the proper use of your computer account, see Misuse and Abuse of Information Technology Resources (IT-02).

This is document bemo in the Knowledge Base.
Last modified on 2018-07-11 11:07:54.