How would I know if my CalNet credentials were compromised?

You may not always know. Scams and malware that steal passwords are designed to be stealthy and go unnoticed.
Passwords are most frequently compromised in one of three ways:
  • Being tricked into giving up your credentials at a real-looking but scam website (also known as phishing)
  • Malware or another compromise of your device that installs software designed to run in the background and steal passphrases
  • Reusing CalNet credentials on non-UCB websites that are then hacked, exposing all credentials

However, a couple of tell-tale signs of credential compromise are:

  • Your colleagues and friends have received unexpected messages from your email account (spam or additional Phishing emails)
  • You suddenly cannot log in with your CalNet credentials because an attacker has changed your passphrase

The best defense addresses all three main threats:
  • Know how to evaluate whether websites asking for your passphrase are legitimate. When in doubt, ask by sending an email to itcsshelp@berkeley.edu or contacting ITCS at 510-664-9000
  • Only use devices that are up-to-date. This means patches for all software are installed as soon as the patches become available, that the browsers are configured for maximum security, and the device otherwise meets the campus Minimum Security Standards for Networked Devices.
  • Do not reuse your CalNet passphrase for other websites

If in doubt regarding the security of your CalNet account, change your CalNet passphrase!

When changing your CalNet passphrase, be sure to do so from a machine you believe is not infected by malware or otherwise compromised. Anti-malware and antivirus scans should return a "clean" report (no infections) for the machine you intend to use to change your CalNet passphrase.

Additionally, if you answer yes to any of the following questions, you should also reach out to the ISO office by emailing security@berkeley.edu:

  • While performing your normal duties, do you access protected data (UC P4) from the workstation for University business, including access to the data through central campus applications/services (ImageNow, PeopleSoft, HCM, Payroll/PPS, BFS, etc.)?
  • Do you suspect there are University (non-personal) documents containing protected data stored on the workstation?
  • Are there file shares (also known as network drives or mapped drives) mounted on your workstation with stored protected data, whether or not you work with those files?
  • Do you use accounts on this workstation that have privileged [administrator, superuser, database owner (dbo)] access to other systems with protected data?
  • Do you store any usernames and passwords in plain text (not encrypted) on the workstation?
  • Do you work with research data regulated by Campus Institutional Review Boards (IRB) or the California Committee for the Protection of Human Subjects (CPHS), or subject to other Data Access Agreements?

Note: The Information Security Office is sometimes informed when passwords associated with UC Berkeley accounts are exposed in public forums or discovered during breach investigations. In these cases, we may test the exposed passwords to see if they are valid CalNet passphrases. If a passphrase is validated, it will be scrambled immediately and the account deactivated until the account owner is contacted to create a new passphrase. This testing is done only for validation purposes and is not used for access to the account holder's email or other electronic services.

Please see "Why did I get a Credential Exposure notice and what should I do?" for information on what to do if you receive an ISO Security notification for exposure of your account credentials.