I just received notice that my password was scrambled because it "may be compromised". How did this happen?
Technology Services Privacy & Security resets passwords any time they detect account behavior that fits a pattern of abuse. Any time such logins are observed, precautions must be taken against attackers logging into your account and using it for malicious purposes. Sometimes compromised accounts are identified by spam actively being sent from the account, or a report that the account's credentials were included on a password list being used by cybercriminals online. In many cases, the suspicious activity consists of observed logins that are too far apart geographically, and too close together in time, to be explained by travel.
Some behaviors can make your own legitimate logins look suspicious enough to be caught by this system. These primarily consist of:
NOTE: third-party VPNs are not supported by Technology Services, and for most situations, a better solution would be to use the CISCO AnyConnect client VPN, which is available for free from the WebStore. See here for installation instructions: VPN, CISCO AnyConnect, Installation Instructions Splash Page. The compromised account system is programmed to recognize UIUC VPN logins and will not consider them suspicious.
To regain access to your account you may do so with the Technology Services Password Manager, accessible at https://go.illinois.edu/password, or from the "Reset Your Password" button on the main Technology Services website. This requires you to have your account recovery options configured beforehand. If you are not able to do this, please contact the Technology Services Help Desk at firstname.lastname@example.org. If you are faculty or staff, it may be more convenient to contact your unit IT department for assistance.