UVM's Information Security Operations Team answers "Why?" Why?security

Why would anyone want my NetID and password?

National Cybersecurity Awareness Month is an annual opportunity for folks like us to encourage folks like you to adopt a simple, three-point approach to keeping yourself and your information safe online:


Ever wonder why you get all those messages asking you to “Confirm your account now!” or “Login today or your email permissions will be revoked!” or “Verify your password or else!” or any number of other threats with a link that brings you to a site that might be a UVM-looking page (or not)?

The reason is simple: Your username and password opens a lock. Unlocking that lock permits the user onto the UVM network (from anywhere in the world), gives them access to your email, and may allow logins to other UVM systems with access to all the same information you have.

And if you happen to have used the same username and password on other sites there could be money at stake (your bank? Amazon?). Could be that they can access other information about you that can be used to set up an identity that looks, electronically, just like you and can open the door for medical fraud, financial fraud, and other cyber crimes that can haunt you just as you are about to buy a house, get your first credit card, and snag you during a background check for that job you always wanted.

Protecting something as simple as your NetID and password now can help you avoid these problems in the future.

We encourage you to STOP before entering in your password on a site that was linked in an email. STOP before reusing that same password on multiple sites. STOP before posting information about yourself that may hint at what your password is. (Fortunately, it’s easier to change your password than rename your dog.)

Then THINK about the possible implications of this action: Would anyone really close your account because you didn’t respond to one threatening email? What are the consequences of not entering your username and password?

Finally, CONNECT with the sender’s organization to find out whether the message was real or a scam. Work with your bank/retailer/organization to have more options than a simple username and password combo to access their services.

A little effort now can help you avoid future mayhem, or at least reduce the effort necessary to undo the damage when your username and password are compromised.


Darcy Pientka, for the Information Security Operations Team

Skip to toolbar