What is an Account Lock?
In some instances, OU IT may deem it necessary to lock a user account. This action is necessary to prevent unauthorized access by malicious third parties to OU Systems, networks, and services, and/or to protect that affected user and the University from loss or theft of sensitive personal information.
OU IT has worked diligently to ensure that legitimate user access is protected, while ensuring that compromised accounts are quickly locked to limit the risk of unauthorized access and data loss. OUIT utilizes automated tools and techniques to analyze account usage and behavior. The results are used to determine if an account is compromised and should be locked.
The following activities can reduce your risk of exposing your account to malicious third parties:
- Do not intentionally expose or share your password;
- Do not use the same password between your OU account and other sites or services;
- Change your account password regularly;
- Run a current, up-to-date antivirus / anti-malware program;
- Do not open attachments in emails from unknown senders or respond to a Phishing attempt.
If you feel any of the above may apply to you, please be proactive and install a reputable AV product and run a virus scan on your machine. Once this is done, and your machine is cleared of any malware or virus, visit accounts.ou.edu immediately to change your password.
What if I'm Hacked?
Ensure that you are running an AV program and change your password. This will remove the threat and prevent the account from being accessed by unknown individuals.
Why do Accounts get Locked?The following criteria is used to determine whether or not an account has been compromised:
- Notification from a trusted 3rd party that the account is compromised;
- Automated tools see the account being accessed from multiple countries across the globe in a time span shorter than what it would reasonably take to travel to each location;
- Source IP addresses used for account access have a reputation for spam, anonymization or other malicious activity;
- The account is sending spam;
- Network tools determine that the computer is infected and showing signs of compromise (e.g., malware callbacks, exploit kit signatures, suspicious/malicious DNS requests);
- A combination of any of these or other suspicious activity.
If the user does not remove the threat as described above through AV and by changing the account password – or if it is deemed necessary to immediately protect the user or University from a confirmed breach – the account will be locked. Once an account has been locked based upon this determination, the account will be unusable by a malicious third party thereby limiting the exposure and risk to the user and the University.
What if my Account is Locked?
If your account has been locked, please install and run an up-to-date virus scan on your machine. Once this is done, and your machine is cleared of any malware or virus, please contact 325-4357 or visit needhelp.ou.edu to submit a ticket requesting that your account be unlocked.
If you do not have admin rights to install and run an AV product you will need to contact your local IT representative to have them install AV and run a virus scan of your machine prior to requesting the account be unlocked. Once OU IT receives confirmation that the machine is cleared of any malware, the account will be unlocked.
What's Next?After an account is unlocked by OU IT, the user will need to go to accounts.ou.edu and click the "New to OU? Setup your OU accout" link on the bottom of the sign in page to set a new password.
It is important not to utilize the same or even a similar password to prevent continued or repeated access by a malicious third party to your account causing it to be locked again. The password requirements are:
- 8 character minimum;
- Must contain at least one lowercase letter;
- Must contain at least one uppercase letter;
- Must contain at least one number;
- Must contain at least one special character;
While complex passwords are important, being able to remember your password is also important. Did you know most 8-character passwords can be compromised in less than a day? Longer passwords are actually more secure. Try to use a passphrase like "StinkyF33tAreSuperSme!!y".