With effect from 24 January 2017, staff and students who have registered their mobile phone no. and/or alternate email address with ITS will receive security alerts from ITS sent via SMS (sender name is “HKUITS”) and/or alternate email address when-
Scenario 1: Suspicious multiple login attempts using the same HKU Portal account are detected on a single date. These suspicious login attempts usually originate from different places around the world and such abnormal usage pattern is likely because an account is under brute force attacks.
Scenario 2: An HKU Portal account is found compromised with a suspicious login and/or it has been used for sending spam messages.
For scenario 1, alerts will be sent to the staff/student concerned to inform them of the suspicious login attempts detected and advise them to change their HKU Portal PIN if the logins are not done by them.
For scenario 2, the compromised accounts will be temporarily disabled to protect it from further unauthorized use and to stop the massive volume of spam generated. Alerts will be sent to the staff/student concern to let them know the temporary account suspension and request them to reset their PIN through the submission of an application form.
All staff and students who have registered to use 2FA (2 Factor Authentication) will have their mobile phone no. and/or alternate email address recorded under ITS. For those who do not have the need to use 2FA, they are recommended to register their contact information under HKU Portal (type “contact info” in the Search field and click the link “Register Contact Info with ITS”). After registration, they will be able not only to receive the above mentioned security alerts in a timely manner but also reset their HKU Portal PIN online when they forget it next time.
May we take this opportunity to remind all staff and students of the good security measures by-
- changing their HKU Portal PIN regularly (every 180 days according to our Password Policy);
- ensuring their PCs are well protected with anti-virus software and up-to-date security patches; and
- not disclosing their HKU Portal PINs and share their accounts with others.
If you have questions on the above, please feel free to contact the undersigned or our Service Desk at 3917 0123 or firstname.lastname@example.org.
Information Security Team
Tel: 3917 5952