Cornell University

If the Security Office Locks Your Account After Detecting It's Compromised

This article applies to: NetIDs, Security & Policy

If the IT Security Office determines that your password has been compromised, your account will be locked to stop further abuse. You will need to either

  • Contact the IT Service Desk to reset your password, or
  • If you are an alumnus/a who has no other relationship with Cornell (such as faculty or staff), answer questions online using a Knowledge-Based Authentication (KBA) system.

IT Service Desk

To request a password reset through the IT Service Desk, you must visit in person or schedule a video chat. You will need to provide proof of identity—your Cornell ID card or your valid government-issued photo ID card, such as a driver's license or passport.

How to contact the IT Service Desk.

Knowledge-Based Authentication

The Knowledge-Based Authentication (KBA) tool is hosted through the NetID Activation page. You may be familiar with KBA if you've ever interacted with a system that asks you to verify your identity by choosing from a list of addresses where you've lived or other interactions of yours that are recorded in public-record sources. At no point are any of the questions or answers from the account-recovery process stored in Cornell systems.

If you are an alumnus/a with no other affiliation with the university (such as faculty or staff), you know your account has been locked due to apparent compromise, and you want to use KBA to unlock it, you can do so through NetID Activation. (If your account is not locked for this reason, the KBA won't be shown.)

If you are enrolled in Two-Step Login, after answering the KBA security questions you will also be required to authenticate using Two-Step Login.

Check Your Cornell Personal Information

After unlocking your account you should immediately:

  • Look for and remove any Two-Step Login devices you do not recognize.
  • If you previously set a Recovery Email, verify that it is still correct. If you have not yet set a Recovery Email and are still using Security Questions, you should now set a Recovery Email, as Security Questions are being phased out.

Next, log in to your email account (Outlook on the Web, and Cornell Google Workspace if you have a Cornell Google Workspace account) and do the following:

  • Check your email forwarding. This is often changed when an account is compromised so that your email is delivered to the attacker.
  • Review your Inbox rules (Outlook) and filters (Google). Rules can hide the activity of the attacker and any responses that would help you detect unauthorized activity.
  • Make sure that your signature wasn't altered.
  • Verify that no application passwords (Google) or add-ins (Outlook) were created that will allow access to your account. These can persist even after you have reset your password.
  • Look through the third-party applications list on your Microsoft and Google accounts. Third-party applications may be able to access your mailbox or other account information. Make sure that the only third-party applications in your account were added by you and not by an attacker.
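
For support staff who review a mailbox's rules in bulk, the forwarding and Inbox-rule checks above can be scripted. This is an added example, not part of Cornell's procedure or tooling: it assumes the rules have been exported as JSON shaped like Microsoft Graph messageRule objects, and the sample rules, addresses, folder ID and the example.edu home domain are all constructed placeholders.

```python
import json

# Constructed sample, shaped like Microsoft Graph messageRule objects.
SAMPLE_RULES = json.loads("""[
 {"displayName": "Newsletters", "isEnabled": true,
  "actions": {"moveToFolder": "constructed-folder-id"}},
 {"displayName": ".", "isEnabled": true,
  "conditions": {"subjectContains": ["password", "security alert"]},
  "actions": {"delete": true, "stopProcessingRules": true}},
 {"displayName": "sync", "isEnabled": true,
  "actions": {"forwardTo": [{"emailAddress": {"address": "drop@mail.example.net"}}]}},
 {"displayName": "To advisor", "isEnabled": true,
  "actions": {"redirectTo": [{"emailAddress": {"address": "advisor@dept.example.edu"}}]}},
 {"displayName": "Receipts", "isEnabled": true,
  "actions": {"markAsRead": true, "moveToFolder": "constructed-folder-id"}}
]""")

HOME_DOMAIN = "example.edu"  # assumption: placeholder for the campus mail domain


def is_external(address, home_domain):
    """True when the address is outside home_domain and its subdomains."""
    domain = address.rsplit("@", 1)[-1].lower()
    return domain != home_domain and not domain.endswith("." + home_domain)


def audit_rules(rules, home_domain=HOME_DOMAIN):
    """Return {rule name: [reasons]} for enabled rules worth a manual look."""
    findings = {}
    for rule in rules:
        if not rule.get("isEnabled", True):
            continue
        actions = rule.get("actions") or {}
        reasons = []
        # Any of these three actions sends a copy of the mail somewhere else.
        for key in ("forwardTo", "forwardAsAttachmentTo", "redirectTo"):
            for recipient in actions.get(key) or []:
                address = (recipient.get("emailAddress") or {}).get("address", "")
                if address and is_external(address, home_domain):
                    reasons.append(f"{key} external address {address}")
        # Rules that delete or quietly file mail can hide replies and alerts.
        if actions.get("delete") or actions.get("permanentDelete"):
            reasons.append("deletes matching mail")
        if actions.get("markAsRead") and actions.get("moveToFolder"):
            reasons.append("marks mail read and moves it out of the Inbox")
        if reasons:
            findings[rule.get("displayName", "(unnamed)")] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in audit_rules(SAMPLE_RULES).items():
        print(f"{name!r}: " + "; ".join(reasons))
```

A flagged rule is a prompt to ask the account owner whether they created it, since legitimate rules can also mark mail as read and file it.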

You should also see whether any of your personal information has been changed in such places as:
