houseSYSTEM Space
House Space
Space School Space
Space
Pforzheimer House Space Space
Space
Space
Space Shield Pforzheimer House / Space
Space

Security Statement

You should be concerned about the security of your data. Here's what we're doing to protect it.

Passwords

Due to a request from Harvard College, we ask that you choose a password other than your FAS password when using houseSYSTEM. This is a precautionary measure.

We authenticate your password by using a SHA-1 hash, a unique string based on your password that is generated by an algorithm called SHA-1. Since the hash is not an encoded version of your actual password, it cannot be decoded. When you attempt to sign into houseSYSTEM, we compare the SHA-1 hash generated by what you type in to the stored SHA-1 hash of your password. In other words, your plain text password is never stored on any permanent storage device in any form. More information on SHA-1 is available at http://www.faqs.org/rfcs/rfc3174.html.

If you previously signed into houseSYSTEM using an MD5 hash, your MD5 hash will be destroyed the next time you sign in, and automatically replaced with a SHA-1 hash.

Secure Sign In

At the current time, Secure Sign In via SSL is not enabled by default on houseSYSTEM. It is, however, available through the Harvard Yard web site by clicking on the "Secure Sign In" link on any houseSYSTEM home page. Secure Sign In uses a 128-bit SSL certificate to encrypt any data you send to houseSYSTEM, such as your password. This is the best measure we can offer to ensure that your connection is safe from anyone who might be viewing network traffic. Since the SEC's SSL certificate is self-signed, your web browser may display an error message when you click on the "Secure Sign In" link. This is normal, and the certificate will still function correctly.

Equipment

The relational database system where your password's hash is stored is protected by passwords known only to the SEC and, in the event of a system failure, the SEC's internet service provider. The server on which the database system resides is monitored constantly for suspicious activity and overall stability.

SEC / Harvard College Relationship

For more information on the SEC and its relationship to Harvard College, visit http://www.harvardsec.org/about/index.html. houseSYSTEM is not endorsed by FAS Computer Services (FASCS).


Last Updated August 12, 2003 at 11:02 PM.

Space

Copyright © 2002-2004 Think Computer Corporation. All Rights Reserved.

Questions? Comments? Problems? Send Us E-Mail.

Powered by Lampshade

Space
houseSYSTEM is not endorsed by or operated by Harvard University.
Space
Questions? Comments? Problems? Send Us E-Mail.