Digital certificates

UMass policies as well as state and federal laws require Personal Identifiable Information (PII) to be protected from unauthorized access.

Digital certificates can be used to encrypt communications as well as verify a website's authenticity. This is important when sensitive information is being transferred to and from a website. If data is not encrypted, it is viewable while in transit. It is also important to know that you are logging into a valid site.

Providing your login credentials to an imposter site could ultimately allow access to sensitive university data.

Tips for accessing a website dealing with sensitive data

  • Make sure the server you are connecting to is using encryption. One easy way to verify this is that the server address is https:// (the "s" is for secure).
  • Do not use a search function for the website you want to access; instead, type the URL directly into your web browser. It is easy to accidentally find an imposter website instead of the legitimate site.
  • Validate the website by clicking on the padlock icon. The digital certificate should match the URL and be signed by a trusted third party such as Verisign or Thawte.
  • Please take a certificate warning from your web browser very seriously as it may indicate you are accessing a hostile site. Confirm the site's URL.