Internet Security

Printer-friendly version

The following information explains how to enhance security when using the PIN System, and while you are on the Internet in general, and should help control certain risks when using your personal computer.

Refer to www.security.harvard.edu for additional information and University policies.

Personal Computer (PC) Security

  • Control physical access to your personal computer to prevent unauthorized persons from accessing your personal information and from using applications that only you have permission to access
  • When you need to walk away from your computer for any reason, logout or lock your system by enabling a password-protected screen saver.
  • Do not use web browser functionality that allows you to save passwords for websites on your local machine.

PIN Security

  • Never share your PIN with anyone
  • Never write down your PIN
  • If your new temporary PIN is printed on paper, store the document in a secure location until you change your temporary PIN to a permanent one.
  • Select a PIN that would be difficult for others to guess.  For example, do not use birthdates, the names of pets or family members, favorite places, numbers, or words. Do not create PINs that are associated with real contact information such as addresses or phone numbers.
  • Change your PIN on a periodic basis.
  • Only enter your PIN on official Harvard University PIN System sites

Internet Security

To ensure Internet security we recommend that you:

  • Understand and use the security features provided by your operating system, web browser, and other applications.  For example, if an error message displays saying that a security check has failed, do not proceed until you have confirmed that the information is coming from a trusted source.
  • Ensure that your browser uses the strongest encryption available and be aware of the level of encryption used when you connect to various sites and applications.  For example, many PIN-enabled sites use 128-bit encryption.
  • Keep your computer up-to-date with the latest versions of software and security patches.  If your web browser does not offer the level of security you desire, select a link below to obtain a more recent version.

Browsers capable of 128-bit encryption or greater may be subject to government restrictions for individuals who are not citizens or permanent residents of the U.S. or Canada.

Encryption/Browser Check

To access websites or applications that require your PIN, your web browser must support at least 40-bit encryption.  Encryption is the scrambling of information into an unreadable code that only the person (or computer) with the key can decode.  Encryption keys range in length from 40 to 168 bits -- in general, the larger the key size, the greater the level of security.

SSL is security feature that:

  1. verifies the identity of the server to which you are connecting;
  2. confirms that a digital certificate was generated by a trusted source;
  3. matches a website name to the website address; and
  4. provides secure encryption of transferred information.

All modern browsers support SSL.  Web pages that use SSL begin with the prefix "https" rather than "http".  You will generally see the icon of a closed padlock or a solid, unbroken key to indicate that SSL is enabled.

Cache

Data you view on the web is typically stored by the web browser in temporary memory or in a file on your computer's hard drive known as a "cache".  Closing the web browser will eliminate information stored in temporary memory, but the hard drive cache may be available to subsequent users of your computer.

We recommend that you clear your web browser's cache periodically.  For information on how to clear your cache, refer to your web browser's help pages.

PIN-enabled Applications

Academic or administrative offices that release websites or applications requiring PIN authentication are responsible for controlling access to the data, and ensuring the security of the server that stores the information.  These sites may have different privacy policies and/or security standards.  When establishing an Internet connection to a remote source, follow the recommendations for PC security, PIN Security, and Internet Security.  If you have concerns about the security of the information, contact the system administrator of that site.

Many PIN-enabled applications display highly confidential information.  To ensure security we recommend that you:

  • Avoid using these applications from a 'kiosk' or other shared computers.
  • Check your web browser's configuration and confirm that it is not saving your windows or tabs.
  • Check your web browser's configuration and confirm that it is not creating a disk cache
  • Logout of a website or application and then close your browser after viewing confidential information
  • Always remember to logout of the PIN System when you are finished using PIN-protected applications.  Navigating to another site does NOT log you out of the PIN system.  You must go to the PIN website to logout.  Bookmark the Logout page for quick access.

The following information explains how to enhance security when using the PIN System, and while you are on the Internet in general, and should help control certain risks when using your personal computer.

Refer to www.security.harvard.edu for additional information and University policies.