Frequently Asked Questions
- What is the Harvard PIN System?
- What is a PIN?
- Why is there a website for the Harvard PIN System?
- Why do I need a PIN?
- Who is eligible to get a PIN?
- Will my PIN automatically expire when I leave Harvard?
The Harvard University PIN System is an authentication system. It is used by multiple web sites and web applications, which are affiliated with the University, in order to provide a secure means for Harvard users to access online resources. One of the benefits of this system is that it allows a user to access many different systems using a single login ID and PIN (password).
A Harvard University PIN is a password or passphrase that serves as a secure means of authenticating one's identity through the Harvard PIN System. A PIN adds a level of security to your online activities within the Harvard community.
The PIN website exists to provide information about how to create and manage a PIN, to provide basic information about internet security, and to provide information for website developers wishing to work with PIN. The PIN website is also where you go to request a new PIN or change your existing PIN.
Many online resources that you want to access within the Harvard community require verification of your identity before granting you that access. By supplying a login ID and a password that match, you can authenticate (verify) your identity. To reduce the number of login ids and passwords that users need to remember at Harvard, many systems use the Harvard PIN System to authenticate users, which requires the use of a PIN.
The following people associated with the Harvard University community are eligible to request a PIN and access websites using their PIN:
- Staff and Faculty
- Students and Class Participants (that have been issued Harvard ID numbers)
- Harvard University affiliates (contractors, consultants, etc. who have been issued Harvard id numbers)
- Library Special Borrowers
Your PIN will not automatically expire when you leave Harvard. However, after you leave, if you forget or disable your PIN, it may be difficult to obtain a new PIN. Harvard University does not always maintain address and email records of the people who leave. Therefore, personal contact information quickly becomes outdated. To continue using PIN-protected resources after you leave, make sure that your contact information is up to date before you go.
The Harvard University PIN System, and the systems, data, and other resources that require PIN authentication for access, are only for legitimate Harvard University users. Use may be monitored, and improper use of the PIN System or those resources may result in disciplinary action and civil and criminal charges.
- When should I request a new PIN?
- How do I request a new PIN?
- What is the quickest way to get a new PIN?
- Why did I not receive a PIN activation email after I requested a new PIN?
- To which address is my PIN paper letter sent?
- Why does my PIN activation email contain a long code?
- Where can I get a temporary PIN letter in person?
You should request a new PIN when:
- You do not have a PIN
- You forgot your PIN
- Your PIN has expired
- You are locked out and are not certain if you actually remember your PIN
You may request a new PIN by going to the Request a New PIN option from the PIN website home page and following the instructions to complete the new PIN request process.
You may request a new PIN by going to the Request a New PIN option from the PIN website home page and following the instructions to complete the new PIN request process.
The most efficient means of obtaining a PIN is through email notification and activation. When you request a PIN and select email notification, the PIN activation email is sent immediately.
Note: Be sure that the email address that you will be checking is the same as the email address that is registered with Harvard University. If you are unsure of your registered email, you should check all your active email addresses for notification of PIN-related messages.
Alternatively, you can obtain a PIN by mail. Mail notification may take 3-10 business days for processing. When you receive your PIN letter in the mail, follow the instructions provided to complete the process.
A third option is to request a temporary PIN letter in person. See the Campus Services website for locations and hours for PIN letter printing.
Note: PIN letters sent by mail or received in person contain temporary PINs and have an expiration date. Be sure to complete the process as soon as you receive your letter to avoid having to repeat the process.
For security reasons, we cannot reveal the address that will be used for delivery of the letter containing your temporary PIN. However, the following rules are used to determine that address:
- On-campus addresses take precedence over off-campus addresses
- Office addresses take precedence over residential addresses
- Residential addresses are used for delivery to retirees, pending students, and those who do not have an on-campus and/or office address
- Original home addresses are used for delivery to undergraduates throughout the summer, regardless of any other address on record.
For security reasons, the PIN activation email contains an encrypted code along with the instructions for activating your PIN. You will have two options when activating your PIN. You can click link contained in the email with the encrypted code and get taken to the PIN website, or, you can copy and paste the URL from the email into your web browser and then copy the encrypted code into the appropriate field once you reach the PIN website.
The PIN activation email is sent to the email address that is listed in the Harvard University Directory. The address may be out-of-date. To change the email address that is registered with Harvard, contact your current department or school so they can update your records; and then repeat the PIN request process.
You may visit the Harvard Campus Service Center. Please be prepared to show identification.
- What is meant by a strong PIN?
- Why does the University require me to have a strong PIN?
- How do I create a strong PIN?
- Can you give me some tips on creating a strong PIN?
- Why does the PIN System not accept the PIN I want to create?
- Why am I being told to update my PIN?
A strong PIN is a PIN that meets specific criteria, as layed out by Harvard University PIN guidelines. Those guidelines exist in order to enhance security by making sure that users create PINs that are hard to guess.
The short answer is to increase security. University online systems are a gateway to information. Your login ID and PIN allow you to access many different applications and websites. Some information is clearly sensitive, confidential, and/or private. Even relatively non-sensitive information is still a University resource that is being secured for access by affiliates only.
The requirements for choosing a strong PIN are outlined in the Harvard University PIN guidelines, which are found here:
There are a number of ways to come up with a PIN that satisfies the strong PIN requirements. A few of the ways include:
- Use a passphrase (a series of three or more words, separated by space(s))
- Use the first or last characters of the words in a phrase or poem
- Combine a few deliberately misspelled words and add some punctuation
- Create nonsense "words" that sound like English words but are not and add a number or two
Still unsure? Use our PIN suggestion tool on the Harvard University PIN guidelines page to get a sample of a strong PIN:
A strong PIN has specific requirements that must be met to make sure that users create PINs (passwords) that are hard to guess. Learn what those requirements are by checking out the Harvard University PIN guidelines here:
Before 2004, the PIN System stored some PINs in a secure but limited format. You are part of a small set of users that need to request a new PIN so that the PIN System can store it in the current format. If your old PIN meets our current security guidelines for a strong PIN, you will be able to reuse it. Otherwise, you will need to choose a new PIN.
- Why do I not have to login all the time?
- Why am I required to login only sometimes or for certain websites?
- How can I ask the Harvard PIN System not to "Remember Me"?
- How am I logged into multiple websites even though I only logged in once?
- How do websites know who I am when I did not log into them?
- What is the benefit of this (Single Sign-On) PIN feature?
- Why am I being prompted to enter my credentials if I've already logged in and not closed my browser?
- How do I logout of the Harvard PIN System?
Why do I not have to login all the time?
Why am I required to login only sometimes or for certain applications?
Anytime you login, the PIN System remembers who you are without the need for you to login to every website. Your browser can "remember" this information. By default, PIN will remember you as long as a window in the browser you used to login with is open. While the PIN System does not ask you to login each time, websites are still asking the PIN System who you are and the PIN System uses your browser's "memory" to answer this question.
Closing the browser tells the browser to "forget" you, thereby preventing anyone else who may use that same machine from logging in as you.
The PIN system may ask you to reenter your PIN/password in the following scenarios:
- You clicked on the Logout link/button.
- You haven't entered your password recently.
- You are trying to use certain sites which may force PIN to make you login based on their comfort with how long your login should be remembered.
- You are accessing a site that does not allow users to be remembered.
You can sign out of PIN at any time by clicking the Logout link on the PIN pages or on the Logout button/link that a website may provide. Alternatively, you can close your browser.
By default, PIN creates a record of your login asserting that you have authenticated, which only lives as long as the browser with which you logged in is open.
Websites typically opt to only allow a login to last for as long as you have your browser open, i.e. they are fine accepting an authentication, even though you logged into another application, as long as it happened within the same browser session. A few websites may require you to log in every time you go there.
When you logout of PIN, the record of your login is deleted.
Remembering your login state makes switching from one PIN-protected website to another more convenient. Furthermore, some applications display information from multiple websites at the same time. If those applications are PIN-protected, a user may need to login several times to make that application work in the absence of Single Sign-On.
PIN saves your login ID so you do not have to reenter this information each time you want to access a website. This feature only works for sites that allow it. When you logout of the PIN System, you will no longer be automatically logged in.
Why am I being prompted to enter my credentials if I've already logged in and not closed by browser?
This can happen for the following reasons:
- The website or application you wish to use has a set a short time limit for the login record that PIN maintains.
When a site registers with the PIN System, it specifies the amount of time that can elapse before PIN requires a user to manually login again. If you are required to login again manually, it could be because the site requires such a login more frequently. Some sites require a manual login for every visit.
- The type of browser (IE, Firefox, etc.) with which you logged in and the type of browser you are currently using are different.
- Your browser may not have cookies enabled.
Cookies are used by websites to save bits of information within your web browser. Most web browsers come with default settings that allow any kind of cookie to be used. Modifying the default settings may impact how this feature works.
Your browser must be set up to allow cookies from the PIN URL, www.pin1.harvard.edu and login.pin1.harvard.edu. Every browser supports cookies differently. Check your browser's help file for information about setting up your cookie preferences.
- Your computer's network address has changed since you last logged in.
Each computer connected to the Internet has a network address, similar to a phone number that allows other computers to communicate with it. Many computers, especially laptop computers, computers with wireless or dial-up connections, or computers on a VPN (Virtual Private Network) have addresses that can change frequently, often without your knowledge. If your network address has changed since the last time you logged in, you will be asked to manually reenter your login ID and PIN/password. This ensures that no one duplicates your login on another computer and impersonates you.
You can end your logout of the Harvard PIN System through the Logout menu option located on any Harvard PIN System page, or by clicking on the link below. It is recommended that you bookmark the logout page so that you can easily end your login session at any time.
When you go to the PIN logout page, you are simply ending your login session with the Harvard PIN System. However, other sites that you have recently accessed may still consider you to be logged in. You may want to close this browser window and see those applications' Help pages for information on how to logout.
- Why does the PIN System block browser auto-complete functions?
- The PIN system used to allow me to “remember” my login id across browser sessions (or machine restarts) by selecting a “Remember me” button. Why was this removed?
Recent versions of web browsers prompt users to save login ID's and passwords for various sites. Although this feature is useful, it puts protected information at risk. When you save your password to the browser, it is likely that your password is now available to anyone who uses that computer. Since the PIN System protects a wide range of Harvard resources, including Harvard confidential information, saved passwords are an unacceptable security risk. This is why the PIN System blocks use of this browser feature.
Why do I get a "Security failure. Data decryption error" message when I try to login using Microsoft Internet Explorer on a Mac?
Previous versions of the PIN system used to cache a user’s credentials (securely) when that button was selected across sessions. However, under some conditions this also meant that people could then usurp your identity on those machines where you selected this option. We have since removed this feature.
A side-effect of this feature was presenting just your login-id if you tried accessing an application that “timed” you out. Although helpful, since we’re not saving your information on the machine anymore we cannot offer this feature easily.
- How do I change my current PIN?
- I know I once had a PIN, but graduated and forgot it. What should I do?
- I let my temporary PIN expire. Now what should I do?
- How can I update my official email address so I can get a PIN via email?
- I saw the message "Your login was successful." Why am I still not able to access the website that I am trying to get to?
- Why does my HUID and PIN not allow me to access the site I want to view?
- What is the difference between my Harvard University PIN and a computer password?
- Why am I being asked for a login type?
- I tried to login several times but failed and I am now locked out. What should I do?
- Why is my password locked?
- Why has my password expired?
- Why do I have a temporary password?
You can change your current PIN at any time by selecting the Change Your Existing PIN option from the PIN System home page.
If you still have access to your official email address, you should go through the password reset process. Unfortuantely, there is currently no business process in place to update your mailing address or email address in order for you to request a new PIN after you graduate. As an alumnus/ae of Harvard, you may want to pursue access via the post.harvard login type and password; there you may be able to access resources available to alumni.
You should request a new PIN.
Students should contact their Registrar. FAS students may update their official email at my.harvard.edu. Employees should contact their local directory contact. The HUIT Support Center (617.495.7777) can assist you with locating a directory contact.
I saw the message "Your login was successful." Why am I still not able to access the website that I am trying to get to?
There are 2 scenarios that may be going on. (1) The target website / application may be down or unavailable. (2) After you login through the PIN System, the web site or application you are trying to access will perform an additional check to determine if you are authorized to do so. If you are not authorized, the site may display some sort of message to let you know. If you feel that you should have access to the site, you should follow any instructions that the message may give or attempt to contact the site to get more help.
Having a PIN does not give you permission to access specific websites or applications. The academic or administrative groups responsible for specific sites manage who is allowed to have access. If you believe you should be able to access a specific site, you must contact the local site administrators. Authorizing access to specific sites is not a Harvard PIN system function.
Your Harvard University PIN is the password that is used in conjunction with your Harvard University ID to login through the Harvard PIN System. You should only be using your PIN with the PIN system (and very few other tools such as FAS Network Admin, and VPN). You will usually have other login ids and passwords that you use to login to computers or access other online resources or applications. It is also possible that another system you access uses your Harvard University ID (HUID) as a login id in combination with a different password.
You are being asked for a login type because some PIN-protected applications are available to multiple groups of users. Those groups use login types other than the traditional Harvard University ID and PIN. Applications that accept only a single login type display only that login type by default. Applications that accept multiple login types provide users the option to select a login type. Available login types are:
- Harvard University ID (HUID)
- XID login
- Post.Harvard login
- HMS eCommons login
- Active Directory (FAS/Central Admin)
Why does the PIN System give me a cryptic error code when I fail to login successfully, but not tell me what I am doing wrong?
By limiting the information that is revealed, security is increased. The PIN system always informs a user about the success or failure of their authentication or any other action required on their part. The error code is additional diagnostic information relevant only to the help desk and system owners.
The PIN System will allow you to try again in two hours. However, if you enter an incorrect PIN again, you will be locked out for another two hours. At this point it may be faster and easier to request a new PIN.