Skip Navigation
» About Safe Computing

Monday November 23rd, 2009 » Fall Quarter, Week 9

Safe Computing > Password Security

UCInetID Password Security Alert

May 21Due to recent stolen UCI passwords and increasing Internet security concerns, everyone who has not changed their UCInetID password since October 1, 2006 must do so by May 21, 2007.

IMPORTANT:
If you do not change your password by May 21, your access will be disabled until you re-activate your UCInetID.

We also ask that you verify you are running up-to-date anti-virus software on home computers, and take special care when using public and other shared computers.

UCInetID Passwords Stolen

In recent months we have discovered that a number of UCInetID passwords have been illicitly obtained by outsiders (all affected individuals have been notified separately). Our investigation has not found significant improper access resulting from the stolen passwords, but there was the potential for it. Additional UCInetID passwords may have also been stolen.

What You Can Do

  1. Change your UCInetID password.
    If you have not changed your UCInetID password since October 1, 2006, you must do so by May 7, 2007.
  2. Use a unique password for your UCInetID.
    Do not use this password for anything else. Use a completely different password for Amazon, PayPal, or any other service you subscribe to that is not UCI related.
  3. Check your computer for viruses.
    Investigation thus far indicates that the stolen passwords were obtained using infected computers external to UCI. Some experts believe that as many as 11% of Internet-connected computers have been infected with viruses and other "malware" that allow them to be remotely controlled by cyber-criminals. One common function of this malware is to record keys that are typed on the computer and then forward collected information to central locations for analysis and distribution.

    It is important that you verify that your home computers are all running regularly updated anti-virus software to detect malware that might be installed and that you take the additional security precautions found on the UCI "safe computing" web site.
  4. Use caution on public or shared computers and while traveling.
    Be careful when using public or shared computers, borrowing a computer from an acquaintance, or using public wireless networking. If you use a computer whose security status you cannot verify, it is a good idea to change any passwords entered after you return to your own computer. Avoid entering personal information on public or shared computers due to the possibility it could be collected.
  5. Use a VPN when using public wireless networks.
    To ensure your communications are "encrypted" and cannot be intercepted, always use a "VPN" (such as the campus VPN) when accessing campus services using public wireless networks.
  6. Review additional password security tips.
    Password security is important not only for your UCInetID but to protect your computer and other accounts that you access, both business and personal.