|
What is BGSU authentication?
Authentication is the process used to verify your identity before allowing you to access certain protected web resources at
BGSU.
Is my authentication password secure?
Yes, absolutely. When you login to the BGSU intranet, your password is encrypted before it's sent to the web server. Your
password is encrypted again before it is sent to the database server. Only encrypted passwords are stored in the database.
Not even ITS administrative personnel know your password.
What is my BGSU ID?
Your BGSU ID is your personal identification number (PIDN, pronounced "pidden") at Bowling Green State University. All students,
faculty, and staff have PIDNs. Your PIDN is of the form P001234567. All characters except for the "P" are numerals.
What is my BGSU e-mail Username?
Your BGSU e-mail Username was given to you when you applied for a BGSU e-mail account. It is 2-8 alphanumeric characters in
length.
I don't have a BGSU e-mail Username. What should I do?
In order to have a BGSU e-mail username, you must be registered for a BGSU e-mail account. For more information on registering
for a BGSU e-mail account, go to to the e-mail information page for instructions.
What is my Authentication Password?
Your authentication password is the same password you use to check e-mail. If you are currently a BGSU faculty or staff member
or a registered student, it is also the same password you use to access the personal web server. These three servers (authentication,
e-mail, personal) share a single password, which is kept in synch automatically by the BGSU Authentication system. Every time
you change your authentication password, you automatically change both your e-mail password and your personal web server password.
Is my Authentication Password the same as my BGUnix Password?
No, your Authentication Password is different than your BGUnix Password unless you choose to make them the same. Note: The
only place you may change your BGUnix Password is on the Unix command line. Only registered BGSU students and current BGSU
faculty and staff members are eligible for a BGUnix account.
I don't know my Authentication Password. What should I do?
If you don't know or have forgotten your authentication password, please contact the Technology Support Center at 372-0999
or stop by the office in Hayes 110 for assistance. Check the TSC web site for office hours.
Does BGSU authentication require a particular browser?
BGSU Authentication requires Microsoft Internet Explorer Version 6.0 (or later) or Netscape Navigator Version 7.1 (or later).
Other browsers may work, but we do not support them.
Other BGSU web applications (in particular, MyBGSU) require one of the following supported browsers:
Legend:
NR = Not Recommended
NA = Not Applicable
'+' = or newer
Unfortunately, we will not be able to answer any of your technical questions should you choose to use any browser other than those listed above.
What is JavaScript?
JavaScript is a client-side scripting language developed by Netscape to add interactivity and functionality to web documents.
Possible uses of JavaScript include live clocks, rollover effects, scrollers, form validation, and so on. JavaScript is relatively
easy to learn, even for people with little or no programming experience.
Does BGSU authentication use JavaScript?
Yes, BGSU authentication uses JavaScript to validate user input and generally enhance the functionality of authenticated web
applications.
To test if your browser has JavaScript enabled, press the following button:
If an alert pops up, your browser has JavaScript enabled.
When I try to authenticate, it complains that JavaScript is not enabled. What should I do?
Javascript must be enabled in your browser for BGSU Authentication to work properly. Enabling JavaScript requires you to adjust
your browser's settings.
Click on the desired platform (PC or Mac) to see guided instructions on how to enable JavaScript on your browser. You can
click on the browser name to download the latest version of that browser:
Legend:
NR = Not Recommended
NA = Not Applicable
'+' = or newer
What is a cookie?
A cookie is a small piece of information sent to your web browser by a web server to be stored for future reference. Once
your browser has accepted and saved the cookie from a particular server, every time you request another page from that server,
the browser includes a copy of that cookie as part of the request. Cookies are returned only to the web server from which
they were issued, and to no other web server.
By detecting a cookie's presence, a web site can determine whether you have visited the site before. By examining the cookie's
contents, a server can coordinate access to different pages on the site. For example, an Internet shopping site uses cookies
to keep track of which shopping basket belongs to you and what items are in the basket.
Contrary to popular belief, cookies are not dangerous. In particular, they do not contain executable code, and thus cannot
launch an application or propogate viruses. A web site cannot use a cookie to discover new information, such as your name
or e-mail address or anything else about you or your computer. In fact, the cookie mechanism is mature, well defined, and
quite harmless.
Does BGSU authentication use cookies?
Yes. BGSU authentication uses a cookie to identify you as a user who has authenticated into the system. This cookie is visible
to servers inside the bgsu.edu domain only and expires automatically when you quit your browser.
The BGSU cookie does not contain sensitive data. It contains a session ID that identifies you as an authenticated user as
you browse the BGSU intranet. In this way, it is not necessary for you to re-login to various servers. This is called single sign-on.
To test if your browser has cookies enabled, first test JavaScript above (since the cookie test requires JavaScript), and then press the following button:
If an alert pops up, your browser has cookies enabled.
When I try to authenticate, it complains that cookies are not enabled. What should I do?
Enabling cookies on your browser requires that you modify your browser's settings. The actual procedure varies depending on
the platform (Mac or PC) and the version of browser used.
Click on the desired platform (PC or Mac) to see guided instructions on how to enable cookies on your browser. You can click
on the browser name to download the latest version of that browser:
Legend:
NR = Not Recommended
NA = Not Applicable
'+' = or newer
BGSU Authentication Security FAQs
What is the difference between URLs that starts with "https" instead of the usual "http"?
The "s" in "https" stands for "secure". When a browser requests a URL beginning with the letters "https", the corresponding
page is encrypted (with SSL) before it is transmitted over the network. That is, the page is secure.
What is SSL?
Secure Sockets Layer (SSL) is a technology developed by Netscape to provide encryption services between client browsers and web servers. All data transmitted over SSL is encrypted and therefore
secure.
What version(s) of SSL does the BGSU intranet support?
The intranet server supports SSL v2.0 and SSL v3.0, as well as TLS v1.0.
What is TLS?
Transport Layer Security (TLS) is an extension of SSL v3.0 proposed by the Internet Engineering Task Force (IETF).
What are the benefits of SSL?
SSL provides privacy, integrity, and authentication services. Since data are encrypted, the privacy of transmitted data is
ensured. SSL also guarantees that data are not tampered with in transit, that is, the integrity of the data is maintained.
Finally, since data transmitted via SSL are digitally signed, the identity of the sender and receiver are ensured.
Do I need to install any special software to take advantage of SSL encryption services?
No, SSL support is built into popular browsers such as Microsoft Internet Explorer and Netscape Navigator.
Are browsers and web servers that use SSL slower than those that don't?
Yes, you may notice a slight delay as your browser and the server negotiate an SSL session. Once the session is started, however,
the SSL encryption process should proceed smoothly without noticeable degradation in performance. In other words, you might
see a short delay at first, but after that there should be no noticeable delay.
Does BGSU own an authentic, signed digital certificate for SSL encryption purposes?
Yes, digital certificates have been purchased from Verisign, a well-known Internet Certification Authority (CA).
Is the BGSU intranet equally secure regardless of where I login from?
No, unfortunately not. If you login from a computer on the BGSU campus, you can be very confident that your authentication
session is secure. Such is a major advantage of our new network infrastructure. If you login from off campus, however, your
transmission travels through networks we have little control over. Fortunately, the use of SSL minimizes the possibility of
eavesdropping and other security threats, so SSL is even more crucial for secure connections from distant locations.
What can I do to increase my level of security while logged into the BGSU intranet?
Without a doubt, the single most important thing you can do to protect yourself while accessing the BGSU intranet is to logout
when you are done! When you logout, your authentication session is invalidated, which makes it very difficult (if not impossible)
for someone else to impersonate you and thereby gain unauthorized access to your private data.
Are there other things I can do to increase security?
Yes, do not give your password to anyone! If you think the privacy of your password has been compromised, use the change password
utility to change it. It's easy, and we recommend you do this on a regular basis anyway.
|
