Tips on password changing after a compromise

Owned by Trevor Bain
Last updated: Oct 28, 2024
1 min read

We recommend that:

  1. After changing your password in WATIAM, login to WATIAM again and verify that the new password is correct at WatIAM.

  2. Your new password should be completely different from anything else that you currently use.

  3. Check other devices such as laptops phones and tablets. If your old password is on any of these devices, they may try to pass the old password and eventually lock out your account.

  4. If your old password is used anywhere else you need to change it there too (e.g. Facebook, Twitter or any external service) even if it is not associated with your @uwaterloo.ca email

  5. Never use that password again, anywhere

  6. Sign out of Office365 (See: Sign Out of Microsoft Office 365 | IT@Cornell). This is especially important for Mac users because your Office applications (Outlook, Word, PowerPoint, Excel, OneDrive) likely have a copy of your old password. If they don’t prompt you for a new password when you launch them, they may lock out your account by continuously trying the old password.

  7. Once your password has been changed, we suggest that you close your applications and restart your computer. When prompted enter your new password.

  8. Wireless can be a bit tricky, it is recommended that you forget Eduroam and reconnect, as described at Connecting to Eduroam.

  9. If you use a UW Windows computer at home which is connected to the NEXUS domain it will be using saved/cached credentials (i.e. your old password). To get it to use your new password and Run the VPN before login. Once connected to the VPN wait 2 minutes before attempting to log in with your new password.

  10. Consider using Password Manager software like Bitwarden or 1Password.