Home » Service Catalogue » Information Systems » HKU Portal » Security Tips on Using HKU Portal

Security Tips on Using HKU Portal

  1. Secure Your PIN
  2. Verify the Authenticity of the HKU Portal Web Site before Login
  3. Do Not Store Your HKU Portal UID/PIN in the Browsers 
  4. Suspended Access after Successive Login Failures
  5. Automatic Time-out for HKU Portal
  6. Protect Your Computer 

1. Secure Your PIN

Each staff members and student is uniquely identified by an HKU Portal UID (User Identification) and PIN (Personal Identification Number).  As HKU Portal contains personal and departmental information, some of which is limited for access by authorized persons, you are advised to keep your PIN secure and safe from leaking to others. You must not disclose your PIN to others and you will be required to change your PIN regularly every 6 months. If you suspect someone knows your PIN, you should change your PIN immediately by clicking here. 

Your HKU Portal PIN must be assigned with at least one letter (a-z, A-Z) and one digit (0-9) and must consist of 10-18 characters.  You can't use an old password that has been used in the last 3 regular password changes.  You will receive an email notification whenever your HKU Portal PIN is changed.


2. Verify the Authenticity of the HKU Portal Web Site before Login

HKU Portal is authenticated and secured by a digital certificate. To verify the authenticity of HKU Portal,

  1. Click the "Security Lock" button in your browser (for example security lock button in Internet Explorer 11). 
  2. Click "View certificates" (IE)/”More Information > "View Certification" (Firefox)/"Certificate Information" (Chrome)/"Show Certificate”"(Safari).
  3. Check if "Issued To" shows "hkuportal.hku.hk" and the validity date to confirm the certificate is valid and does not expire.

    Certificate

    Important: You must not enter your HKU Portal UID/PIN in any website which you suspect to be a fake website, or if the "Security Lock" icon cannot be found, or information in the certificate is invalid.  You should not enter your personal credentials when you see the following warning messages at websites.

    warning on website's security certificate - IE

    warning on website security - Chrome

3. Do Not Store Your HKU Portal UID/PIN in the Browsers 

Remember to disable auto-complete function in your browser as this will make your HKU Portal UID/PIN automatically available to anyone having access to your system. To turn this function off in MS Internet Explorer browser, click Tools > Internet Options > Content tab > AutoComplete button. Then uncheck the box User names and passwords on forms and click OK

Auto Complete - Settings

uncheck user names and passwords on forms


4. Suspended Access after Successive Login Failures

Your HKU Portal account will be suspended with successive login failures and an email on "Your access to HKU Portal has been suspended" will be sent to alert you of the account suspension. Users are advised to change their PIN immediately by clicking here.


5. Automatic Time-out for HKU Portal

There will be an automatic "time-out" when HKU Portal is connected for 4 hours.

The most secure way to protect your personal and confidential information under HKU Portal is to logout and close ALL browsers every time after using HKU Portal or before leaving your PC unattended.

Do not leave an HKU Portal session unattended at any time. If you do not logout, others can access your information using the same computer you used or even change or delete your personal or confidential information under the active Portal session left behind.


6. Protect Your Computer

Install and update anti-virus software regularly to ensure your PC is having the latest protection. Do not open any suspicious or unknown emails and attachments to reduce the vulnerability to computer malicious codes such as virus and trojan.