What should I do if someone else has been trying to log into my account?

Unfortunately, it is extremely difficult for UITS to know who is trying to access your account if the individual responsible is using your username and password or passphrase. However, as long as you keep your passphrase secret and change it frequently, your account should be safe.

People sometimes report security breaches to the Support Center erroneously, often due to a misunderstanding regarding the recorded time of their most recent login. This can be due to a system's use of the 24-hour clock, or even Greenwich Mean Time (GMT) instead of Eastern Time (EST or EDT).

On the other hand, you might see something like:

The word "unsuccessful" means that someone has attempted to use your username to log in, but used the wrong passphrase. In combination with the time of the "Last successful login" message, you may be able to determine whether someone succeeded in guessing your passphrase.

Sometimes people make typing mistakes, maybe adding or omitting a letter in their usernames when logging in. For example, jxsmith might erroneously enter jsmith when prompted for a username. The next time the real user jsmith attempts to log in, it will appear that someone has attempted to log into that account. In this case, jxsmith was not attempting malicious or illegal behavior, but rather is guilty of simple human error.

If you suspect that someone has guessed your password or passphrase and logged into your account:

1. Change your password or passphrase immediately. For help, see At IU, how do I change or synchronize my Network ID passphrase? Choose a passphrase that is difficult to guess. To see guidelines for selecting a good passphrase, see Passwords and passphrases.
   
   
2. Report the following information to  it-incident@iu.edu :
   
   
   • Which account(s) you believe was/were broken into, including your username and system, e.g., dvader on IU Webmail
   • The time(s) that you believe your account was compromised
   • Why you think your account was compromised

     Note: Do not include any names of individuals you suspect may have accessed your account(s). The Information Technology Security Office (ITSO) at IU will request this information if it is needed.

For maximum security, change your passphrase frequently. Also, remember that it is against IU policy to share your passphrase or accounts with others, or to use another person's username and passphrase, even if the account owner gave them to you.

Also see:

• What should I know to avoid getting in trouble with email?
• At IU, how do I report a suspected information or information technology (IT) security issue?
• Best practices for computer security
• What are my responsibilities as a computer user at IU?
• If I give my passphrase to someone else who uses my account to send a harassing email message, will I be held responsible?