UMass policies as well as state and federal laws require Personal Identifiable Information (PII) to be protected from unauthorized access.
Digital certificates can be used to encrypt communications as well as verify a website's authenticity. This is important when sensitive information is being transferred to and from a website. If data is not encrypted, it is viewable while in transit. It is also important to know that you are logging into a valid site. Most sites will now also have green EV Certs or Extended Validation Certificates. Green means Go.
Providing your login credentials to an imposter site could ultimately allow access to sensitive university data.
Tips for accessing a website dealing with sensitive data
- Make sure the site that you are connecting to is using encryption. One easy way to verify this is that the site address is https:// (the "s" is for secure).
- Make sure the site that you are logging into has a green EV Cert or Extended Validation Certificate. All UMassD (myUMassD Portal, Outlook email, myCourses, etc.) and UMass systems (HRDirect, PeopleSoft Finance, COIN, etc.) sites requiring your UMassD login information will have EV Certs.
- If there is no green EV Cert, do not enter your information. This includes your personal email login information as well (online banking, shopping, etc.). Green means Go.
- Do not use a search function for the website you want to access; instead, type the URL directly into your web browser. It is easy to accidentally find an imposter website instead of the legitimate site.
- Validate the website by clicking on the padlock icon. The digital certificate should match the URL and be signed by a trusted third party such as Verisign or Thawte.
- Please take a certificate warning from your web browser very seriously as it may indicate you are accessing a hostile site. Confirm the site's URL.
- See examples below of green EV Cert browser bars.