University of Oregon

Account Security and What to Do if Your Account is Compromised

Audience
Faculty/Staff
Researcher
Student
GTF

Tips to Prevent an Account Compromise

Taking steps to prevent an account compromise is an action that takes little effort on the front end, and can prevent quite a bit of inconvenience in the future. It is in the best interests of the student and the University to make sure to use appropriate password protection techniques that could include disabling file sharing, and scanning for viruses. Listed below are a few tips to help keep an account secure:

Beware of Phishing. Often e-mails will be sent out that look like they are from the University of Oregon or the Technology Service Desk. Please Remember that the University of Oregon will NEVER ask you for your password in an e-mail. You will receive e-mail notifications to reset your password every 180 days, and the link in said e-mail will take you to duckid.uoregon.edu. If an e-mail goes out that takes you to another page—even if it looks like the password reset page—do not type in your information! Instead, forward a copy of the e-mail to techdesk@uoregon.edu. See Video: Protecting Yourself Online and How To Avoid Losing Personal Information to Phishing.

Do not share your UO account information. Not only would sharing put your account at risk of compromise, but it is also not allowed by the UO Acceptable Use of Computing Resources Policy.

Do not write your password down. If you must, then do not keep it where others can find it. 

Choose a secure password. Your password should be difficult to guess, but easy for you to remember. The following is the password security criteria required by the University of Oregon:

  • Password should not be a word in the dictionary  
  • Maximum Length: 127  
  • Minimum Length: 8  
  • Minimum Lowercase: 1  
  • Minimum Number of Character Type Rules That Must Pass: 3  
  • Minimum Numeric: 1  
  • Minimum Special: 1  
  • Minimum Uppercase: 1  
  • Must Not Contain Your: accountId, email, firstname, fullname, lastname, nickname, UO ID  
  • Must Not Be One of Your Last Three Passwords  

Be sure to guard the "Security Questions" and answers you defined when creating your account with anyone, be aware that the security questions page can be accessed by anyone and Facebook contains a great deal of personal information that can be used to hack into your account. With this in mind, be careful what you post on social networking sites.

If you have reason to believe that your account has been compromised, please contact the University of Oregon Technology Service Desk immediately at techdesk@uoregon.edu or (541) 346-HELP (346-4357).

Regaining Control of a Compromised Account

If you believe your account has been compromised it is very important that you attempt to reset your password by clicking Forgot Password? on the duckid.uoregon.edu page. This will prevent anyone from logging into your account in the future. Once you have performed this step, please ensure that the account's security has indeed been compromised and the cause was not something as innocent as having forgotten your password.

If you are unable to reset your password, contact the University of Oregon Technology Service Desk, which is open from 8AM to 5PM Monday through Friday. If it is not during normal hours of operation, please send an email to the Technology Service Desk at techdesk@uoregon.edu. 

Run a virus scan for malware installed on your machine. Often, access to the account was obtained through phishing, or a trojan, usually a key logger.

When an account is reported or appears to have been compromised, the University of Oregon will quarantine the account while we conduct an investigation. Once we are confident that account access privileges have been restored to the user (and only the user), we will enable access to the account.