UNH Information Technology has issued a security alert requesting that all UNH students change their passwords immediately. A notification to all students was sent out on the afternoon of December 15 (full notification text can be seen here https://www.unh.edu/it/news/2017/12/legitimate-email-subject-urgent-please-change-your-unh-password-immediately).
Frequently Asked Questions
Q: I am trying to change my password but it is failing, what should I do?
Due to the high volume of students accessing the Change Your Password tool, some students are experiencing issues changing their password. If you receive a notification that your password change was unsuccessful, do the following:
- Come back tomorrow and run Link Up (https://www.unh.edu/it/link-your-accounts) to ensure your new password has been changed across all UNH systems.
- When logging in to Link Up, use your new password.
- If Link Up accepts your new password, you will see check marks for each account as your new password is synced to that account. Once this complete, you are all set.
- If Link Up does not accept your new password, return to the Change Your Password tool and try your password change again.
If you need to access UNH resources immediately, try logging in with your new password unless you are accessing your O365 email. Use your old password to access email until you are able to successfully run Link Up.
Q: I already changed my password because of this incident. Should I change it again?
If you are at all suspicious that your e-mail account or UNH username and password might be compromised, it is best to change your password. This minimizes the risk that you will end up losing the ability to send e-mail from your Wildcats e-mail account.
Suspicious e-mail activity includes large amounts of outbound e-mail in your sent mailbox that you did not intend on sending or large numbers of failed delivery attempts in your inbox.
If you know that your account was already secured because you were sending spam in the last week and you do not think your account is still compromised, you do not need to change your password again.
Q: How did this incident happen?
There are many ways attackers can obtain user credentials to send massive amounts of spam e-mail. While UNH IT makes every effort to protect your information and prevent security incidents, it is not possible to eliminate all risk.
Your account can be compromised when you click on past phishing e-mails and enter your username and password. Read this article to learn how to spot a phishing e-mail at UNH and how you should respond to it.
If you use your UNH e-mail address or your UNH username as your username or e-mail for accounts outside of UNH, this increases the risk that your account will be compromised.
Another very common way you can become compromised is it you use the same password, or the same password creation schemes, on other accounts.
Lastly, due to the highly sophisticated tools, techniques and procedures utilizes by attackers, passwords are easier and easier to crack and are not a very reliable form of authentication.
Q: What can I do to better protect my password?
The best option to protect all your passwords is to use a password manager. Review our knowledge base article on password managers to find out more!
Additionally, it is best practice to change your password on all of your accounts at least every 6 months. We do encourage students to change their UNH passwords as often as they would like, although it is not required.
Q: Why is Microsoft not letting me send e-mails?
Because UNH IT uses Microsoft Exchange Online, Microsoft provides some security protections for us. As part of this, they do detect when an account is sending spam and they will automatically stop that accounts ability to send e-mails. UNH IT does not have any control over when Micrsoft will start allowing that account to send e-mail again, however the account is still able to receive e-mails and access all other UNH IT resources once the password is changed.