Home » Service Catalogue » Information Systems » HKU Portal » Security Tips on Using HKU Portal

Security Tips on Using HKU Portal

  1. Secure Your PIN
  2. Do Not Store Your HKU Portal UID/PIN in the Browsers 
  3. Suspended Access after Successive Login Failures
  4. Automatic Time-out for HKU Portal
  5. Verify the Validity of the HKU Portal Web Site Before Login
  6. Protect Your Computer 

1. Secure Your PIN

Each staff members and student is uniquely identified by an HKU Portal UID (User Identification) and PIN (Personal Identification Number).  As HKU Portal contains personal and departmental information, some of which is limited for access by authorized persons, you are advised to keep your PIN secure and safe from leaking to others. You must not disclose your PIN to others and you will be required to change your PIN regularly every 6 months. If you suspect someone knows your PIN, you should change your PIN immediately by clicking here. 

Your HKU Portal PIN must be assigned with at least one letter (a-z, A-Z) and one digit (0-9) and must consist of 10-18 characters.  You can't use an old password that has been used in the last 3 regular password changes.  You will receive an email notification whenever your HKU Portal PIN is changed.

2. Do Not Store Your HKU Portal UID/PIN in the Browsers 

Remember to disable auto-complete function in your browser as this will make your HKU Portal UID/PIN automatically available to anyone having access to your system. To turn this function off in MS Internet Explorer browser, click Tools > Internet Options > Content tab > AutoComplete button. Then uncheck the box User names and passwords on forms and click OK

Auto Complete - Settings

uncheck user names and passwords on forms

3. Suspended Access after Successive Login Failures

Your HKU Portal account will be suspended with successive login failures and an email on "Your access to HKU Portal has been suspended" will be sent to alert you of the account suspension. Users are advised to change their PIN immediately by clicking here.

4. Automatic Time-out for HKU Portal

There will be an automatic "time-out" when HKU Portal is connected for 4 hours.

The most secure way to protect your personal and confidential information under HKU Portal is to logout and close ALL browsers every time after using HKU Portal or before leaving your PC unattended.

Do not leave an HKU Portal session unattended at any time. If you do not logout, others can access your information using the same computer you used or even change or delete your personal or confidential information under the active Portal session left behind.

5. Verify the Validity of the HKU Portal Web Site before Login

Before login to HKU Portal, you are advised to verify the authenticity of the web site by clicking the "Security Lock" at the low right hand corner of the browser. The HKU Portal is authenticated and secured by a digital certificate.  You must not enter your HKU Portal UID / PIN in any website which you suspect to be a fake website, or if the "Security Lock" icon cannot be found, or information in the certificate is invalid.

Steps to view the Certificate:

a. Click the "Security Lock" icon next to the area where the URL is put and click "View certificates".  The certificate information will pop-up:

Location of Security Lock

Location of Security Lock

View Certificates 

View Certificates

b. In the General tab, verify the certificate contains the following information:

Issued to: hkuportal.hku.hk

Issued by: Equifax Secure Certificate Authority 

Valid from "Date" to "Date" (Check if this certificate is within a valid date) 

Check certificate validation

c. In the Details tab, check the certificate information page and verify the following information:


OU = Equifax Secure Certificate Authority

O = Equifax

C = US


Subject : 

CN = hkuportal.hku.hk  

OU = Domain Control Validated - QuickSSL Premium(R)

OU = See www.geotrust.com/resources/cps (c)10

OU = GT86311881 

O = hkuportal.hku.hk

C = HK


d. In the Certification Path tab, check that the certificate status is OK

Check the certificate status

6. Protect Your Computer

Install and update anti-virus software regularly to ensure your PC is having the latest protection. Do not open any suspicious or unknown emails and attachments to reduce the vulnerability to computer malicious codes such as virus and trojan.