Queue up, please! University Asks Thousands to Stand in Line For New Passwords

  • More than 38,000 people will queue up this week with a piece of paper and ID card to get a new password.
  • This is for a password reset operation at a German University that recently fell victim to a malware attack.

University hit by a malware attack

Last week, a malware infection infected the Justus Liebig University Giessen (or the University of Giessen) in Giessen, Hesse, Germany.

  • The details of the infection such as the malware name or nature have not been made public.
  • However, the IT and server infrastructure were taken down owing to the severity of the infection.
  • The University’s network has been down since December 08, 2019.
  • After the attack, each JLU computer was being scanned for any signs of malware using antivirus scanners on over 1,200 USB flash drives.
  • This scan was performed twice and systems that were clean were given a green sticker which indicated it was safe to connect them to the network again.
  • As the infection is also believed to have impacted the email accounts, passwords for all the accounts were reset.

Due to requirements of the German Law, the University could not share the new passwords to staff and students through personal email addresses. So, they asked staff and students to queue up for collecting new passwords.

Password reset procedure

To collect the password, the University has allotted slots for the students and staff based on their birth months.

  • The user ID is said to remain unchanged while the password must be personally collected according to the schedule provided.
  • The University asks for a valid identity card and a personalized JLU chip card containing a photo to validate the person’s identity.

“As JLU is a member of the German National Research and Education Network (DFN), the new passwords may only be issued personally so that JLU adheres to the legal guidelines of the DFN. It is therefore not possible to issue a new password to a person on behalf of someone else. All passwords must be collected personally,” reads the University’s notice.