Steps to take when your password has been compromised

Tags passwords

 About

Compromised passwords present a significant cybersecurity threat and are a common issue. When a password is compromised, it can lead to serious consequences. Your personal information may be stolen, and K-State systems become vulnerable to attacks. So, what should you do if you suspect your password has been compromised? If your password becomes compromised, follow the steps below. If you suspect unauthorized access to your K-State accounts, please report it to security@k-state.edu or call the IT Service Desk at 785-532-7722.

 Audience

  • Students
  • Faculty
  • Staff
  • Guests

 Details  

  1. Change your K-State eID password to a strong, unique password that includes a combination of upper and lowercase letters, numbers and special characters. Avoid using any old passwords. Do not reuse the same password across multiple accounts. If you have used the compromised password for other accounts, such as online banking or streaming services, change those passwords. Consider using a password manager for enhanced security.
     
  2. Check your Duo settings to ensure your phone number or authentication method hasn’t been changed without your knowledge. If you notice anything suspicious, notify the IT Service Desk.
     
  3. Log out of all Office 365 tools, this will occur automatically when you change your password. If you are logged into other devices or apps, make sure to log out manually to ensure complete protection.
     
  4. Be cautious of fake reset emails. If you receive unexpected password reset emails, do not click on any links. Instead, visit the official website directly to verify. Report any suspicious emails to abuse@k-state.edu.
     
  5. Review and remove saved passwords. Delete saved passwords for your web browsers and devices. If your old password was stored in a password manager, make sure to update or remove it to prevent accidental use. Clear autofill and saved login information so your devices do not automatically fill in compromised credentials.
     
  6. Be alert for phishing attempts and avoid emails or messages requesting your login credentials or personal information. K-State will never ask for your password via email. Report any suspicious emails to abuse@k-state.edu.
     
  7. Verify your payroll and financial information. Check your direct deposit settings by logging into K-State’s HRIS system to ensure your bank account and routing number are correct.