Upcoming communications about account security

A key role of enterprise IT is identifying security risks and protecting our community from them as much as practical.  The most effective approaches typically require coordination between system operators and service customers.  This is particularly true for account compromises, where someone uses stolen credentials to access confidential information or to masquerade as the legitimate account holder.  ITS has been using an application called haveIbeenpwned to gain insight into possible account compromises.  It allows us to identify accounts containing a UConn email address that have been exposed through an eternal breach, passwords that are compromised, or passwords that are clearly at risk.  ITS will be communicating directly with individuals whose institutional accounts have been identified as vulnerable.  These automated messages will alert the account holder and provide directions on how to proceed, which will range from security recommendations to password change requirements.  We understand that the community is legitimately wary of account notice messages.  To compensate, we will share sample messages in advance so that you will be better equipped to validate email authenticity and help direct your constituents to netid.uconn.edu, the official location for managing NetID credentials.