Security Guidelines
IIT Kanpur Webmail App
Last Updated: February 05, 2026
App Version: 1.25.2
Developer: Computer Centre, IIT Kanpur
Applicability: All users of IITK Webmail App
1. Introduction
These security guidelines provide essential practices for maintaining the security of your IITK webmail account and protecting institutional data. Following these guidelines helps prevent unauthorized access and data breaches.
Important: The security of your account is a shared responsibility. While we provide secure tools, your vigilance is crucial.
2. Password Security
Your password is the first line of defense. Follow these guidelines:
Do's
- ✓Use a strong password (minimum 12 characters with mix of uppercase, lowercase, numbers, and symbols)
- ✓Change your password every 90 days
- ✓Use a unique password for your IITK Webmail
- ✓Enable two-factor authentication if available
Don'ts
- ✗Don't reuse passwords from other services
- ✗Don't share your password with anyone
- ✗Don't write down passwords in unsecured locations
- ✗Don't use personal information (birthdates, names) in passwords
3. App Security Features
Maximize the built-in security features of the app:
Recommended Settings
- Enable PIN Protection: Set up a 4-digit PIN for app access
- Notification Privacy: Hide sensitive content in notifications
Security Configuration Checklist
| Feature | Recommended Setting | Location in App |
|---|---|---|
| App Lock | Enabled | Settings → Security → App Lock |
| Background Sync | Every 30 minutes | Settings → Notifications → Sync Interval |
4. Device Security
Secure the device where you install the app:
- Device Lock: Always use PIN, pattern, or biometric lock on your device.
- Updates: Keep your device OS and apps updated.
- Public Wi-Fi: Avoid using public Wi-Fi.
- App Sources: Only download apps from official stores (Google Play Store, Apple App Store).
- Anti-virus: Install reputable security software on your device.
- Remote Wipe: Enable "Find My Device" features for emergency remote wipe.
5. Safe Usage Practices
Email Handling
- Verify sender addresses before opening attachments.
- Don't click suspicious links in emails.
- Report phishing attempts to cybersecurity@iitk.ac.in.
- Log out after each session on shared computers.
Account Management
- Regularly review connected devices and active sessions.
- Remove unused devices from your account.
- Monitor login alerts and report unfamiliar activities.
- Use official IITK apps only from authorized sources.
Red Flags - Immediate Actions Required
- Unexpected password change notifications
- Emails you didn't send appearing in Sent folder
- Unfamiliar devices in active sessions
- Failed login attempts notifications from unknown locations
If you notice any of these, change your password immediately and contact mailhelp@iitk.ac.in & cybersecurity@iitk.ac.in
6. Phishing Awareness
Learn to identify and avoid phishing attempts:
| Phishing Indicator | What to Look For | Action |
|---|---|---|
| Suspicious Sender | Email doesn't match official IITK domains (@iitk.ac.in) | Don't reply, report it |
| Urgent Language | "Immediate action required", "Account suspension" threats | Verify through official channels |
| Suspicious Links | Hover over links to see actual URL before clicking | Never click unverified links |
| Attachment Risks | Unexpected attachments, especially .exe, .zip, .js files | Scan before opening |
7. Incident Response
If you suspect a security breach:
- Immediate Action: Change your password at chpasswd.iitk.ac.in
- Disconnect: Log out of all sessions from account settings
- Report: Contact mailhelp@iitk.ac.in & cybersecurity@iitk.ac.in immediately
- Scan: Run antivirus scan on your device
- Monitor: Check account activity for suspicious actions
Proactive Measure: Regularly check your account's "Last Login" information and connected devices. Report any discrepancies immediately.
8. Contact & Resources
Immediate Security Assistance
Mail Help Team: Computer Centre, IIT Kanpur
Email: mailhelp@iitk.ac.in (for security incidents cybersecurity@iitk.ac.in)
Phone: +91 512 259 7008 (during working hours)
Emergency: Contact CChelp for after-hours critical issues
Useful Resources
9. Compliance & Policies
As a member of IIT Kanpur community, you are expected to:
- Adhere to IITK IT Policy and Acceptable Use Policy
- Protect institutional data from unauthorized disclosure
- Report security incidents promptly
- Participate in security awareness programs
- Comply with data protection regulations
Note: Violation of security policies may result in account suspension and disciplinary action as per institute regulations.