If you’re a student of the University of Hong Kong and you want to know how to keep your login credentials safe, you’re at the right place.
Your identity is precious. Keep it that way with a few simple precautions listed below.
1. Secure your PIN
Each staff member and a student is uniquely identified by a UID (User Identification) and PIN (Personal Identification Number).
As your HKU portal contains personal and departmental information, some of which is limited for access by authorized persons, you are advised to keep your PIN secure and safe from leaking to others.
You must not disclose your PIN to others. If you suspect someone knows your PIN, you should change your PIN immediately.
Your Portal PIN must consist of at least one letter (a-z, A-Z) and one digit (0-9) in the length of 10-18 characters. You can’t use an old password that has been used in the last 3 password changes. You will receive an email notification whenever your HKU PIN is changed.
2. Verify the authenticity of the portal before you Log in
HKU Login Portal is authenticated and secured by a digital certificate. To verify its authenticity,
- Click the “Security Lock” button in your browser (for example security lock button in Chrome).
- Click “More Information > “View Certification” (Firefox)/”Certificate Information” (Chrome)/”Show Certificate””(Safari).
- Check if “Issued To” shows “*.hku.hk” and the validity date to confirm the certificate is valid and does not expire.
Note: You must not enter your UID/PIN in any website which you suspect to be a fake website, or if the “Security Lock” icon cannot be found, or information in the certificate is invalid. You should not enter your personal credentials when you see the following warning messages on websites.
3. Do not store your UID/PIN in the browsers
Remember to disable the autofill function in your browser as this will make your UID/PIN available to anyone having access to your PC/mobile device. To turn this function off in Google Chrome, click the Chrome menu icon (3 dots on the top right) > Settings > Autofill > Passwords > turn off Auto Sign-in.
4. Suspended access after successive login failures
Your Portal login account will be suspended with successive login failures and an email on “Your access to HKU Portal has been suspended” will be sent to alert you of the account suspension. Users are advised to change their PIN immediately by clicking here.
5. Automatic time-out for HKU login
There will be an automatic “time-out” when the portal is connected for 4 hours.
The most secure way to protect your personal and confidential information under HKU Login is to logout and close ALL browsers every time after using the University of Hong Kong Portal or before leaving your PC unattended.
Do not leave a portal session unattended at any time. If you do not logout, others can access your information using the same computer you used or even change or delete your personal or confidential information under the active Portal session left behind.
6. Protect your computer
Install and update anti-virus software regularly to ensure your PC is having the latest protection. Do not open any suspicious or unknown emails and attachments to reduce the vulnerability to computer malicious codes such as virus and trojan.