38,000 people forced to pick up email passwords in person

Malware and legal requirements force academics and students to join a near-endless line in order to pick up their passwords

Usually, if you forget your password or need to change it for other reasons, getting a new one is a straightforward process that involves a few clicks. Now imagine you would have to prove your identity and retrieve your password in person. Don’t rush to laugh this off as a bizarre fantasy, as thousands of students and faculty members at the Justus Liebig University Giessen in Germany were unlikely to be laughing when they learned that they would have to do just that.

According to the institution’s statement, 38,000 students and academics now have to stand in line, ID card in hand, so that they can receive new passwords to their university email accounts. The distribution of new passwords was prompted by a malware incident detected last week, with the university’s network being offline since December 8th. As for the unorthodox way of issuing new passwords in person, the staff are citing the legal requirements of the German National Research and Education Network (DFN).

Arguably, in a way the university can be lauded for its incident response. Since the incident was noticed, the servers and machines were taken offline. USB flash drives loaded with security software were handed out to faculty members, institutes and departments to carry out scans of all machines connected to the university’s network. The devices that passed the first wave of checks were labeled with green stickers.

A second wave of scans then followed, and included, to use the university’s own words, a “specialized scan for the new virus type”. A total of 1,200 USBs were prepared for the second wave, which has been underway since December 18th. Computers that passed both scans are immediately cleared for use. Students were assured that their private machines were free of any risks since they use a separate university network to the one that was compromised.

Nevertheless, the university’s IT Service center decided to assign new passwords to everyone since they suspected that the malware hit their e-mail servers as well. The whole process was designed to be as precise and orderly as possible, and the students and faculty were separated into groups based on their date of birth and can pick up their passwords during allotted timeslots.

Prospective students were affected as well. The website through which they could apply is currently offline as well. This means that they will have to apply through more “analog” ways, such as submitting applications in person or sending them by traditional mail.

19 Dec 2019 – 04:12PM

Latest Posts