Protecting Your Villanova Account: How We Identify Unusual Activity

Your Villanova Account is protected by intelligent security measures designed to recognize activity that may not look like you. Similar to how your bank or credit card company may ask you to verify an unusual purchase, Information Security uses adaptive security protections that work quietly in the background to help protect your account. When everything looks normal, you can sign in as usual. If something appears unusual or potentially risky, you may be asked to complete an additional verification step to help confirm it's really you before access is granted.

This approach helps balance security with convenience by applying additional protections only when they are needed. Most sign-ins happen without interruption, while unusual activity receives additional scrutiny to help prevent unauthorized access.

What kinds of activity may require additional verification?

Our security systems automatically look for indicators that suggest a sign-in or account activity may not be legitimate. Examples include:

  • Signing in from an unusual location or device.
  • Activity that differs significantly from your normal sign-in patterns.
  • Attempts to use credentials that are known to have been exposed in a data breach.
  • Sign-in attempts associated with suspicious or malicious network activity.
  • Other indicators that suggest someone other than you may be attempting to access your account.

Why might I be asked to verify my identity?

There are many legitimate reasons why a sign-in may appear unusual. For example, you may be:

  • Signing in from a new device.
  • Traveling and connecting from a different geographic location.
  • Using a new internet connection or public Wi-Fi.
  • Accessing a particularly sensitive University resource (see below)
  • Making important changes to your account or security settings.

When this happens, you may simply be asked to complete an additional verification step before continuing. 

What happens if suspicious activity is detected?

If a sign-in or account activity appears to present an elevated risk, additional protections may be applied automatically. Depending on the situation, you may be asked to:

  • Verify your identity using an additional authentication method.
  • Re-enter your password.
  • Reset your password if there is evidence your credentials may have been compromised.
  • Complete additional security verification before access is granted.
  • Contact the Technology Services Support Center if further review is required.

In many cases, these additional verification steps stop unauthorized access before any harm can occur. 

Below is an example of what you may see:

What is protected?

Our protections safeguard not only you account, but also the University resources and personal information connected to it. Based on your role, this may include:

  • Email and Microsoft 365 data.
  • Payroll and direct deposit information.
  • Student records, registration, and academic information.
  • Research and institutional data.
  • Financial and administrative systems.
  • Files and documents stored in University services.