Security, Password Scramble

I just received notice that my password was scrambled because it "may be compromised". How did this happen?

Technology Services Privacy & Security resets passwords any time it detects account behavior that fits a pattern of abuse. Whenever such behavior is observed, precautions must be taken against attackers logging into your account and using it for malicious purposes. Sometimes compromised accounts are identified by spam actively being sent from the account, or by a report that the account's credentials were included on a password list being used by cybercriminals online. In many cases, the suspicious activity consists of observed logins that are too far apart geographically, and too close together in time, to be explained by travel.

Some behaviors can make your own legitimate logins look suspicious enough to be caught by this system. These primarily consist of:

  • Sharing your password with someone else (friends, family members, etc.). This is a violation of the Campus Appropriate Use Policy.
  • Intermittently using a third-party VPN. VPNs change where your internet traffic appears to be coming from, so if you are in one country and connect to a VPN from another country, your apparent location will suddenly change. If you need to use a third-party VPN, you should connect it before accessing any University resources, and make sure to leave it connected.

NOTE: third-party VPNs are not supported by Technology Services, and for most situations, a better solution would be to use the CISCO AnyConnect client VPN, which is available for free from the WebStore. See here for installation instructions: VPN, CISCO Secure Client or AnyConnect, Installation Instructions Splash Page. The compromised account system is programmed to recognize UIUC VPN logins and will not consider them suspicious.

  • Using a third-party service or mail provider that logs into your email account on your behalf. There are some Outlook plug-ins, some mailbox management services, and some phone apps that exhibit this behavior, and will always appear to be a suspicious login. These services should not be used with University email accounts.
  • Using an out-of-country cell phone on roaming. If a cell phone is on a local WiFi network, the internet traffic will appear normal, but if the phone is on roaming, many cell phone companies route internet traffic back to the home country of the cell phone, making it appear to be located there. You may not be able to reliably use this cell phone in this way without having your password reset.
  • Connecting the UIUC VPN, and then connecting to an on-campus computer via Remote Desktop Protocol (RDP). When you RDP to an on-campus computer, it looks like a new login to your account from someone on-campus, which looks suspicious. In most cases, the UIUC VPN will allow your traveling computer to do anything that could be done on-campus, so unless you need specialized software from a campus-based computer, RDP should be unnecessary.
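The geographic check described above (logins too far apart, and too close together in time, to be explained by travel) can be sketched as follows. This is an added example, not Technology Services' own code; the speed threshold, the 100 km noise floor, the trusted VPN range and all sample logins are assumptions constructed for illustration.

```python
import ipaddress
from datetime import datetime
from math import radians, sin, cos, asin, sqrt

# Assumed values for illustration only, not the University's real settings
MAX_KMH = 900.0                                        # roughly airliner speed
TRUSTED_VPN = [ipaddress.ip_network("192.0.2.0/24")]   # placeholder campus VPN range

def km_between(a, b):
    """Great-circle (haversine) distance in km between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def is_trusted(ip):
    """True when the source address belongs to the trusted VPN range."""
    return any(ipaddress.ip_address(ip) in net for net in TRUSTED_VPN)

def impossible_travel(events):
    """Return (earlier_ip, later_ip) for login pairs no traveler could have made.

    events: dicts with 'time' (ISO 8601), 'ip' and 'geo' (lat, lon) from IP
    geolocation. Logins from the trusted VPN range are never considered.
    """
    logins = sorted((e for e in events if not is_trusted(e["ip"])),
                    key=lambda e: datetime.fromisoformat(e["time"]))
    flagged = []
    for prev, cur in zip(logins, logins[1:]):
        hours = (datetime.fromisoformat(cur["time"])
                 - datetime.fromisoformat(prev["time"])).total_seconds() / 3600
        dist = km_between(prev["geo"], cur["geo"])
        # Skip short distances: IP geolocation is too coarse to trust them
        if dist > 100 and dist > MAX_KMH * hours:
            flagged.append((prev["ip"], cur["ip"]))
    return flagged

# Constructed sample: a user in Urbana briefly turns on a third-party VPN
# whose exit node is in Frankfurt, then uses the trusted VPN, then logs in
# again from Urbana the next day.
SAMPLE = [
    {"time": "2024-06-01T09:00:00", "ip": "198.51.100.10", "geo": (40.11, -88.21)},
    {"time": "2024-06-01T09:20:00", "ip": "203.0.113.77", "geo": (50.11, 8.68)},
    {"time": "2024-06-01T09:25:00", "ip": "192.0.2.15", "geo": (40.11, -88.21)},
    {"time": "2024-06-02T10:00:00", "ip": "198.51.100.10", "geo": (40.11, -88.21)},
]

if __name__ == "__main__":
    print(impossible_travel(SAMPLE))
```

Only the 09:00 to 09:20 pair is flagged: the trusted VPN login is ignored, and the next-day login leaves enough time for real travel. A session that stays on the same third-party exit node for every login produces no flag, which is why leaving such a VPN connected avoids the reset.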

To regain access to your account, use the Technology Services Password Manager, accessible at https://go.illinois.edu/password, or the "Reset Your Password" button on the main Technology Services website. This requires you to have your account recovery options configured beforehand. If you are not able to do this, please contact the Technology Services Help Desk at consult@illinois.edu. If you are faculty or staff, it may be more convenient to contact your unit IT department for assistance.




Doc ID:
63517
Owned by:
Security S. in University of Illinois Technology Services
Created:
2016-05-19
Updated:
2024-06-21
Sites:
University of Illinois Technology Services