What to do when your password has been compromised

You may realize that someone else has gained access to your password by being notified by a system or network administrator, or by the discovery of unauthorised access to your account, or just by realizing that something is wrong in your account.

In all these cases, the answers are the same:

Change your password, and be sure to do so in a secure fashion:
- On Windows systems, use Kerberos for Windows which can be found at the software page.
- On Macintosh systems, use Kerberos for Macintosh
- Athena users use passwd
Make sure that you never send your password over the network unencrypted. Kerberized telnet is available for most systems, and will protect your password when connecting to other machines.
Use "good" passwords, that are hard to guess or break.
If you suspect that files have been deleted or changed, try and restore usable copies from backups. Athena users should send mail to Athena Operations, with all relevant details. Users of individual systems are advised to use the TSM backup system.
IS tries to track security incidents. You should report break-ins to the security team, including all the relevant information.

network@mit.edu