skip to content

IT Help and Support

University Information Services
 

In response to a security incident, UIS may be obliged to reset a user's UIS password.

Why the UIS might change a password

The UIS user name (CRSid) and password is the key to accessing many University IT resources. For this reason, they have an inherent value to a potential criminal or cyber attacker and can be stolen and misused.

In these situations, the solution is to change, or reset, the password as soon as possible, thereby removing the attacker's access and preventing further misuse of the account.

When possible, UIS will try to contact an affected individual asking them to change the password. This allows the individual to maintain access to their account throughout. However, there are situations when this is not possible.

 

Examples of situations in which UIS may be obliged to change a user's password

If UIS has made a reasonable attempt to contact a user, or the compromise is considered high enough risk for an immediate action, UIS staff may be obliged to change the user's password. In these situations CSIRT, or other UIS staff, will place a request with the User Admin team.

The following examples illustrate when UIS may change a user's password.

  • A compromised email account, such as Hermes, is used to send spam. In this situation the user's password is changed immediately to stop the spam emails.
  • Following a security incident, if a user does not respond to a UIS request to change their password within a sensible time frame (typically two working days), UIS may change the password for them.
  • A user cannot be easily contacted for an indefinite period – for example, because of prolonged sick leave. A consultation with the user's institution is normally undertaken before this done.
  • UIS becomes aware of a high-risk compromise. In these incidents UIS may need to take immediate action and reset a user's password.

In each case, the UIS will attempt to contact the individual by emailing the local institutional IT staff to which they are affiliated, or by telephone.

 

eduroam and VPN network authentication token

eduroam and VPN authentication rely on a different password, referred to as the network authentication token. This works a little differently to the UIS password. CSIRT, and other UIS staff, are able to disable authentication to eduroam/VPN but without actually changing the user's token.

So in some incidents CSIRT will disable a token for the user as a precaution while an incident is resolved, enabling it again when the incident is over - but without having changed it. The user is then able to change their own network token if required.

 

What to do if your password was changed

If the password is changed by UIS, the user must use the follow 'Forgotten password' process on the Password Management site to get a new one.

Unfortunately CSIRT cannot provide the user with a new password, they do not have the necessary authority to do this.

UIS Service Desk

UIS Service Status

Phone padded  Service status line: (01223 7)67999
Website  Sign up for SMS/email status alerts
Website  Read major IT incident reports

UIS bITe-size bulletin

A regular newsletter aimed at the University's IT community, highlighting service and project news from UIS.

Sign up >

Latest news

New digital certificate service launched

30 July 2021

We've launched a new digital certificate service, and are now onboarding institutions and IT staff. The new Jisc-based service enables IT staff to create and manage a broader range of certificates (TLS, client and code signing) in minutes and at no cost to their institution. Comparing the old and new certificate services...

Moodle maintenance Tuesday 3 August 07:00-09:00

28 July 2021

The Moodle service will be subject to interruption on Tuesday 3 August 07:00–09:00 due to essential maintenance. While Moodle is unavailable, users will not be able to log in to the Panopto cloud service. Panopto recordings can still be made offline for later upload. If you have any questions, please contact the Moodle...

Internet Explorer 11 will no longer be supported by Microsoft 365 apps and services from 17 August 2021

23 July 2021

Microsoft has announced that from 17 August 2021, all Microsoft 365 apps and services will no longer support Internet Explorer 11 (IE11). This follows Microsoft’s announcement last November that Microsoft Teams would no longer support IE11. After 17 August 2021, you'll have a degraded experience or will be unable to...