Security risk: Change your Web of Science personal password


Thomson Reuters, the producers of the Web of Science platform, have recommended that you should change your password if you have registered with your own personalised account on any of their services. (Note you do not need to take any action if you simply access Web of Science via the University Portal. This change is only recommended if you have ever set up your own personal password).


The password change is recommended if you have a personal registration with any of the following: Web of Science, ResearcherID, EndNote, Thomson Innovation, Cortellis, or InCites. Note you only need to change your password on one of these services; since the password is shared across all of these services the password change will automatically be applied to each of the services you are registered with.


To change your Web of Science password:


Go to the University Portal

In the Resources tab select A-Z list of online resources

Then choose, W, then Web of Science – All Databases

In Web of Science, in the top right hand corner select Sign in

Sign in as usual

Then again in the top right hand corner choose your Sign in name, then Settings, then Edit My Information.

In your details listing: enter your Current Password and enter your New Password (twice)


Note they have strict rules for their passwords:

Must be 8 or more characters (no spaces) and contain:

at least 1 numeral: 0 – 9

at least 1 alpha character, case-sensitive

at least 1 symbol: ! @ # $ % ^ * ( ) ~ `{ } [ ] | \


See below the full-text of the Thomson Reuters message:


“Thomson Reuters is aware of the widely reported ‘Heartbleed’ vulnerability impacting certain versions of the OpenSSL web encryption program. The vast majority of our business applications do not rely on OpenSSL for web encryption and do not have exposure to this vulnerability.


Thomson Reuters takes the privacy and security of our customers’ information very seriously and are working to identify and remediate any servers which may be impacted by an unsecured version of OpenSSL.


While most of our services are unaffected, we identified that Thomson Reuters products use a version of OpenSSL that may have been vulnerable. We have taken remediation steps to secure the server.

While there is no evidence that any customer information has been compromised, we suggest changing your password as a precautionary measure.  Please note: If you are also a subscriber to Thomson Innovation, Cortellis, ResearcherID, Web of Science, EndNote or InCites, and have changed your password, then this shared password only needs changing once.


As part of our assessment and remediation efforts, we will continue our vigilant monitoring programs to protect our customers’ information and continue to provide updates as appropriate.


Thank you for your attention to this matter.”




Clare Allan

Subject Librarian






Leave a Reply

Your email address will not be published. Required fields are marked *