This article contains information on preventing an account compromise as well as how to regain access once an account is compromised.
Tips to Prevent an Account Compromise
Taking steps to prevent an account compromise is an action that takes little effort on the front end, and can prevent quite a bit of inconvenience in the future. Below are a few tips to help keep an account secure.
If you write your password down, do not leave the paper where someone else can find it.
- It is recommended you use a password manager to maintain a strong and unique password for each individual account
Choose a secure password for each account. Your password should be difficult to guess, but easy for you to remember. The following is the password security criteria required by the University of Oregon:
- Password should not be a word in the dictionary.
- Maximum Length: 127 characters.
- Minimum Length: Eight characters.
- Password should contain three of the following:
- Must not contain your ID, email, first name, full name, last name, or any nickname.
- Must not be one of your last three passwords.
For advice on how to create a strong password, see How To Create A Strong Password.
Be sure to guard the Security Questions and answers you defined when creating your account. Be aware that the security questions page can be accessed by anyone. Personal social networking accounts (ex. Instagram, Twitter) can contain a great deal of personal information that can be used by others to gain access your account if you are not diligent with protecting your personal information. With this in mind, as always, be careful what you post on social networking sites, and ensure your Security Questions do not refer to information that anyone other than yourself knows.
Regaining Control of a Compromised Account
If you believe your account has been compromised it is very important that you attempt to reset your password by clicking Forgot Password. This will prevent anyone from logging into your account in the future. Once you have performed this step, please ensure that the account's security has indeed been compromised and the cause was not something as innocent as having forgotten your password.
Run a virus scan for malware installed on your machine if you feel as though your machine has been exposed to malware.
Some indicators your account may have been compromised are:
- There are multiple login attempts from several other states/countries in a short period of time.
- You have clicked on a known phishing email.
- Malware was detected on your device.
- There is account activity from on-campus and off-campus locations at the same time.