After a malware attack, the University of Giessen is forcing students and employees to pick up new passwords in person to comply with strict legal requirements, prompting long lines of people outside the school gym.
Password resets are usually pretty straightforward. But a university in Germany is requiring every student to line up and personally pick up their passwords for the school’s email system following a malware attack.
The University of Giessen is making the odd request because the school is a member of a German research network with strict rules. As a result, the university must follow legal requirements that ensure the new passwords are handed to the real owner, and not someone else, it explained in a notice.
“There is no alternative to this procedure,” the university’s web page adds.
The University in Gießen, Germany had a security incident that required resetting the passwords of 38000 students. Students are lining up to get their new passwords on paper, after identity verification. More about the incident on the bottom of this page: https://t.co/uMBOi2MpJr pic.twitter.com/QEKcPMZ2Sk
— svbl (@svblxyz) December 17, 2019
The only problem is that the school now faces the daunting task of handing out new passwords to 38,000 users. This week, long lines of students, faculty members, and other employees have snaked around the university’s gym to pick up the login credentials. To reduce the long waiting times, the school eventually came up with a schedule.
The password reset was done in response to a cyber attack that forced the university to shut down its internet and email systems earlier this month. The school’s hired security experts have blamed the attack on a piece of malware, which may have spread to employees’ Windows computers.
To neutralize the threat, the university has been handing out USB flash drives capable of conducting an antivirus scan when plugged into a computer. The school notes it has 1,200 USB flash drives ready to launch a “second wave” of scans to help stamp out the malware.
For now, students have been spared from the antivirus scans; their computers were connected on a separate network when the malware began to spread. But left unsaid is which malware strain was involved in the attack.