eRaider password changed without your consent or a 3rd party gained access to your account


Cause

One or more of the following may be true:

  • You may have clicked a link in a phishing email and inadvertently given away your eRaider credentials to a third party.
  • Your password was written down on paper or stored in an electronic file (for example, Microsoft Word document) to which someone else had access.
  • Your password was saved in a computer/device (such as in your web browser settings), and a third party used that information to access your account.
  • A third party knows your personal information (for example, date of birth) which is required in order to reset the password.
  • A third party has access to text messages for the mobile phone number specified in your eRaider account and was therefore able to receive a password reset code.
  • Malware on your computer (such as a keystroke logger) may have obtained the password on behalf of malicious individuals.

Resolution

No one at Texas Tech University or from anywhere else should ask for your password.

CAUTION: If you believe your eRaider password was changed by anyone other than yourself, contact ITĀ Help Central immediately.

1) IT support personnel can confirm the date and time of your most recent password change using various tools. Based upon records you may have or upon memory, ensure that that the date and time of the password change confirmed by IT support personnel was a change that you made yourself.

2) Reset your password to something that only you would be able to answer. If you need assistance choosing a password that is secure but easy to remember, please see the section "Creating a strong password" in eRaider password policies.

3) Never share your password with a co-worker, supervisor, parent, guardian, family member, boyfriend/girlfriend, spouse, or anyone else. You are the only person who should ever know your eRaider password.

NOTE: It is against TTU IT Security Policies for an account owner to share their password with anyone.

4) Ensure that your password is not written down anywhere.

5) Ensure that no one is watching you type your password each time you use it.

6) The contact phone number stored in your eRaider account is used to help reset the password, should you forget it. To prevent unauthorized access to your account, it is best to make sure no one else has access to receive text messages or voice calls from your mobile number. Some mobile carriers provide access to the account's text messages through various means, such as mobile apps or from a web browser from anywhere on the Internet. Check with your mobile carrier for details on restricting access to your text messages.

7) Consider turning off settings in web browsers, email software, and other locations which may remember your password. Also, consider clearing the existing saved passwords in such locations. Having the password saved is convenient, but it opens the possibility for others to gain access to your account.

8) Get into the habit of locking your Windows PC or locking your Mac when not in use.

9) Enable a passcode or similar security features on your mobile devices, and get into the habit of locking them when not in use.

10) If you believe that someone has gained access to your personal information as a result of a third party having access to your credentials, consider contacting the appropriate office on campus depending on what might be compromised. Also, you may consider filing a report with the Texas Tech Police Department.

Outcome

Your account has been secured.

If you continue to experience unauthorized password changes after changing your password and/or updating your account information, file a report with the Texas Tech Police Department. The police will work with the Enterprise IT Security department to investigate the source of the account compromise.