Account Blocking

An account can be blocked for two reasons:

1. Use of the Account is Abused

If we detect misuse of an account (e.g. sending spam emails), we have to block the account in question in order to prevent further misuse, which could be detrimental to the reputation of Graz University of Technology and could also cause high financial damage.

The block can only be lifted when it has been clarified beyond doubt how this misuse could have occurred and how further misuse can be prevented. Once the block is lifted (the password is also changed in the course of the block), the user must reset their password in the usual way.

Possible variants of how the misuse could have occurred:

1. Phishing

If it is clear that phishing is the cause, we ask why our information on phishing was not understood or not read.

The (forced) change of the password then solves the immediate problem.

2. Keylogger on a third-party computer

You should never enter your password on a third-party computer (e.g. in an Internet café or on an acquaintance's computer). In Internet cafés, you can almost certainly assume that keyloggers or similar tools are installed. Please use only the mobile phone signature/ID Austria on third-party computers!

The (forced) change of the password solves the immediate problem.

3. Keylogger on own computer

Of course, it is also possible that your own computer is infected with malware (do your children have access to your computer with administrator rights?). In that case, it is pointless to change the password before the malware has been removed. That is, if you have only used your own computers, they must be checked for malware (with a current virus scanner!), and only once the malware has been found and removed can the account be released again and the password changed.

4. Password recycling

It is forbidden to use TU Graz access data in other systems (including other TU Graz systems)!

The (forced) change of the password solves the immediate problem.

5. MitM attacks

In principle, it is possible, e.g. with eduroam or WLAN in general, that your device is not talking to the TU server. For this reason, a separate network access password is used for network access. For the WLAN configuration, you should use our CAT if possible.

The (forced) change of the password solves the immediate problem.

6. Brute force attacks

Since TUGRAZonline passwords are not stored in a simple file and, above all, are encrypted, an offline brute force attack is rather unlikely: the attacker would have to know the username, the corresponding encrypted password and the type of encryption. An online brute force attack should be noticeable to us in the log files, so here too (together with our password policy) it is rather unlikely that an attack will be successful.

The (forced) change of the password solves the immediate problem.

7. Social Engineering

Of course, the password can also fall into the hands of others through observation or (unauthorized) disclosure. In this case, handling the password securely (entering it concealed and under no circumstances passing it on) helps against misuse.

The (forced) change of the password solves the immediate problem.

2. Dismissal or De-Registration

In the case of a dismissal, the account will be blocked upon written instruction by the Rectorate.