Due to a serious security incident at our supplier Sikt – Kunnskapssektorens tjenesteleverandør (formerly UNINETT), we recommend that all our users who have received a new password after 2 April 2022 change their password.
UiB discovered last week that new passwords are logged in Sikt's systems every time users change their password. Sikt, which supplies the password-change solution to UiB, states that the error has now been corrected and that all passwords have been deleted from their logs. We consider it unlikely that passwords have gone astray, but it cannot be ruled out. We therefore recommend that everyone who has received a new password after 2 April 2022 change their password.
Accounts at UiB are additionally secured with two-factor authentication, and we have good alerting systems for detecting suspicious login attempts. There is therefore a low risk of unauthorised persons gaining access to accounts at UiB. At the same time, we know that users tend to use the same password across different services, even though this is discouraged.
Passwords are changed at passord.uib.no. For information, see hjelp.uib.no.
We apologize for the inconvenience this causes and ask for your understanding.
Kind regards
Tore Burheim
Information regarding new passwords
Due to a severe security flaw at Sikt (Norwegian Agency for Shared Services in Education and Research), we recommend that all users who have changed their password since 2nd April 2022 change their password again.
UiB discovered last week that since 2nd April 2022 whenever a password was changed, the plaintext password was logged in a Sikt system. Sikt have now fixed this flaw and no longer write passwords to the log file. The passwords that were logged have now been deleted from all known locations.
While it is unlikely that the logged passwords have been the subject of a security breach, it is impossible to confirm this one way or the other. Therefore, anyone who has changed their password between 2nd April 2022 and 12th June 2024 should now set a new password.
Many services at UiB are secured with two-factor authentication. We have systems in place to discover suspicious logins. We continue to use these processes to discover security breaches. Due to this, we think there is a low risk of unauthorised access to UiB systems from this security flaw.
We also know that many people re-use passwords across many services including services outside UiB. If this is the case for you, you should change your password wherever you have used the same one you have set at UiB since 2nd April 2022.
Your password can be changed by visiting password.uib.no. If you need assistance, or for further information, please visit help.uib.no.
We apologize for the inconvenience caused by this situation and ask for your action and understanding while you change your password.
Best regards
Tore Burheim