Password Change Enforcement - September 2024

Due to a security issue that has come to light in September 2024, some TUS users are required to change their passwords as soon as possible

What is happening?

Certain TUS users need to change their TUS passwords. Passwords must be changed via Microsoft 365 (formerly know as Office 365); if a user tries to change their password using the CTRL-ALT-DELETE key combo on their laptop or PC then it will not work.

Full instructions on how to change your password via Microsoft 365 can be found at the knowledgebase article below:

How to change your TUS Password through Microsoft 365

Why is this happening?

The migration of user accounts and passwords from the old LIT and AIT environments, as part of the TUS identity migration in May 2023, meant that a users old password was carried over to the new TUS infrastructure. Some users passwords in the old LIT/AIT environment were encoded using an older version of what is known as a hashing algorithm, which is how our systems encrypt your passwords. TUS accounts that have a password encrypted with this older version of the hashing algorithm are now generating alerts in our TUS security monitoring software, meaning that the passwords for these users need to be updated.

When is this happening?

Staff members whose user accounts are affected will be notified via e-mail from the TUS Systems Integration team e-mail account (systemsintegrationteam@tus.ie), on Friday September 27th 2024, asking them to change their password and providing instruction on how to do so.

From Friday October 11th 2024, password changes will start being enforced on the remaining affected user accounts. These will occur on a rolling schedule every Friday until December 20^th 2024, or until all passwords have been changed. Your account will be included in this schedule if you do not change your password before then, and we encourage you to change your password in your own time before October 11^th. If you have changed your password before that date, your account will be removed from the schedule.

What do I need to do?

If you receive an e-mail from the TUS Systems Integration e-mail account (systemsintegrationteam@tus.ie) on Friday September 27th, with the subject line "Security Issue: TUS password change required", please follow the instructions in that e-mail to change your TUS password.

If you wish to change your password regardless, you can do so by following the same instructions at the link below.

How to change your TUS Password through Microsoft 365

After you change your password, you should log out of your device and restart it.

Is there a security risk to my TUS account or data?

The security risk to your TUS account or data is low. This issue manifests itself in our security monitoring system as an attempted credential theft attack, however further investigation of these alerts has not indicated that any such attacks have taken place on any TUS accounts thus far - the errors are generated due to the older password algorithm in place on the account password. There is significant overhead involved in verifying these errors and a risk that a genuine attack of this sort may go unnoticed due to the high volume of false positive alerts, hence why we are enforcing this password change for affected users.

I need assistance with this. How do I get help?

If you require any assistance or have any queries, please log a call with the IT ServiceDesk in Midlands or Midwest.

https://itservicedesk.midlands.tus.ie/

https://itservicedesk.midwest.tus.ie/