Access & Identity Management
Eduserv Background Image Go to main textinnovative technology services
Home
Athens
Chest
Web Solutions
Foundation
You are in :    Eduserv > Athens > Multiple country use
Log on to

In this section
See also

Monitoring use of Athens accounts in multiple countries

Athens user accounts are automatically disabled if they are:

A report is then sent to the Athens administrators controlling these accounts (for more information please refer to our Security page.

  1. What do I do if I receive one of these reports?

    If you receive a report of suspected misuse of your Athens accounts, it is incumbent upon you to investigate the incident; the owners of the accounts in question will need to be asked how such usage could have occurred. You will need to consider:

    1. whether any disciplinary action as specified by your organisation's procedures for the misuse of electronic services and/or organisational facilities is required.
    2. under what circumstances you will reactivate the disabled accounts.


  2. I've asked the user how this happened and their reply seems legitimate.

    There are a number of scenarios that can cause an Athens account to be used in more than one country (please note that this list is not exhaustive, and is subject to revision at any time):


    • The user says that they travel a lot, and could easily have logged in from three different countries in a single day.
      There are some users who travel widely and take every opportunity to use online resources whenever they can, such as using a laptop in an airport departure lounge. These users are in the minority, but if you do have users that fall into this category you can register their Athens account username with the Eduserv Athens Service Desk to prevent them from being disabled in the future.

      Before you do so, you must be certain that usage of the account in multiple countries is genuine.

    • The user says that although they have visited those countries in the past, they were not in those countries on the day in question.
      It is possible that the user may have allowed their browser's password manager to save their Athens account username and password on a PC or laptop they were using. If they do this while using Athens when travelling, anyone subsequently using the same PC or laptop is enabled to use that Athens account, and all the resources it has access to.

      Even if this was done accidentally, it does not diminish the user's responsibility to maintain the security of their Athens account. The use of browser password managers is discouraged by Eduserv Athens because not only do they hamper memorisation of passwords, travelling users can get into the habit of allowing their passwords to be saved without considering the consequences. Instructions on how to disable browser password managers can be found at the bottom of this page.

    • My organisation allows users to log into a virtual private network (VPN), proxy or remote access services (RAS).

      These services allow remote users to log into their organisation's network and so appear to be on-site for access to local resources, IP authenticated services, etc. By logging into such a service and then using their Athens account, an overseas user can appear to be in the home country of their organisation. If they subsequently log out of their organisation's network but continue to use their Athens account, all subsequent accesses will then be recorded as being from the country they are in.

      If your organisation uses a VPN, proxy or RAS, you can register the relevant IP address range with the Eduserv Athens Service Desk to prevent them from being trapped by our monitoring.

    • The user is on a work placement for an overseas company that uses an internet connection registered in another country.

      The report that you received from Eduserv Athens will include the IP address and hostname information used for each login. The hostname will often include the name of the company concerned; if not, then the IP address can be looked up on free web services such as http://www.dnsstuff.com/. If you still cannot verify the user's account, you should ask the company to supply you with the range of IP addresses that would be used by their staff. This is not secure or confidential information, so they should be able to agree to your request.

    • The user gave their username and password to a data service provider (DSP) support team to troubleshoot an access problem.

      Some Athens DSPs have support operations in more than one country, and if a user supplied them with an Athens username and password, this could result in the account being detected by our monitoring. However, we advise that this should not happen because the DSP then has access to all the other resources that the user has access to. In the interests of commercial confidentiality, the DSP concerned would probably not want other DSPs to have access to their service, however temporary, so we try to discourage it.

      However, the DSP can sometimes still say that the only way of diagnosing the problem is to acquire an Athens username and password. Suggestions on how this can be avoided can be found at the bottom of this page.


  3. The user admits sharing their Athens account details.

    You should follow local procedures for the misuse of electronic services and/or organisational facilities.


  4. Although the user claims they have not shared their account details, their explanation is not persuasive.

    Even if you assume the worst and this user has shared their login details (whether deliberately or accidentally), this incident should serve as a deterrent to sharing them again. Therefore, once the user has come back to you, if you don't think that any purpose would be served by pursuing the matter further, you should warn the user that a repetition could result in disciplinary action specified by your organisation's procedures for the misuse of electronic services and/or organisational facilities, before resetting the password to a new value.


  5. Disabling browser password managers

    The option to remember Passwords can be disabled on browsers. Please follow the instructions for your particular browser (the option can usually be found via the privacy or security options in Tools or Preferences).

    Resource access support issues

    1. If there is a problem for all your accounts with a Service Providers online service, you should feel free to set up a temporary Athens account that only has access to that service, which you can supply to the DSP. That will enable the DSP to see exactly what you are seeing.

    2. The DSP will be using part of the Athens account record to enable saved searches etc to be retrieved automatically. Sometimes, will be the Athens account username, in which case this is all the DSP needs to check the problem on their side.

    3. More often, the DSP uses something called the persistent user ID (PUID), which neither you nor the Athens user can see. However, we can supply the PUID to you or the DSP on request if we are given the Athens account username.

    4. In limited circumstances, e.g. if either or both of the options above have been tried, the username and password can be supplied to the DSP, but we would recommend that this should only happen after the Athens password has been changed to something simple, e.g. abc123. The user can do this in MyAthens, or you could do it for them. When the DSP has resolved the problem, the password can be changed back again. That way, the user's personal password stays private.

 
About us | Contact us | Site map
© Copyright Eduserv - All rights reserved | Terms and Conditions | Privacy policy