You should be concerned about the security of your data. Here's what we're doing to protect
it.
Passwords
Due to a request from Harvard College, we ask that you choose a password other than your
FAS password when using houseSYSTEM. This is a precautionary measure.
We authenticate your password by using a SHA-1 hash, a unique string based on your
password that is generated by an algorithm called SHA-1. Since the hash is a one-way digest, not
an encoded version of your actual password, it cannot be decoded. When you attempt to sign in to
houseSYSTEM, we compare the SHA-1 hash generated from what you type in to the stored SHA-1 hash of your password.
In other words, your plain text password is never stored on any permanent storage device in
any form. More information on SHA-1 is available at http://www.faqs.org/rfcs/rfc3174.html.
If you previously signed into houseSYSTEM using an MD5 hash, your MD5 hash will be destroyed
the next time you sign in, and automatically replaced with a SHA-1 hash.
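
The sign-in comparison and MD5 replacement described above, as an added example in Python (not houseSYSTEM's own code). The in-memory table, its scheme tags, the sample passwords and the function names are assumptions made for illustration.

```python
import hashlib
import hmac

# Hypothetical credential table: username -> (scheme, hex digest).
# Constructed sample data; the page does not describe the real schema.
USERS = {
    "alice": ("md5", hashlib.md5(b"correct horse").hexdigest()),   # legacy row
    "bob": ("sha1", hashlib.sha1(b"battery staple").hexdigest()),  # current row
}

HASHERS = {"md5": hashlib.md5, "sha1": hashlib.sha1}


def digest(scheme, password):
    """Hex digest of the password under the named scheme."""
    return HASHERS[scheme](password.encode("utf-8")).hexdigest()


def sign_in(users, username, password):
    """Return True on a correct password; replace a legacy MD5 row with SHA-1."""
    row = users.get(username)
    if row is None:
        return False
    scheme, stored = row
    # Hash what was typed with the scheme the stored row uses, then compare
    # digests. compare_digest does not leak the mismatch position via timing.
    if not hmac.compare_digest(digest(scheme, password), stored):
        return False  # wrong password: the stored row is left untouched
    if scheme == "md5":
        # The plain text is only available during sign-in, so this is the one
        # point where the MD5 hash can be destroyed and replaced.
        users[username] = ("sha1", digest("sha1", password))
    return True
```

Accounts that never sign in again keep their MD5 hash under this scheme, since the replacement can only be computed from the password typed at sign-in.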
Secure Sign In
At the current time, Secure Sign In via SSL is not enabled by default on houseSYSTEM. It is,
however, available through the Harvard Yard web site by clicking on the "Secure Sign In" link
on any houseSYSTEM home page. Secure Sign In uses a 128-bit SSL certificate to encrypt any data
you send to houseSYSTEM, such as your password. This is the best measure we can offer to ensure
that your connection is safe from anyone who might be viewing network traffic. Since the SEC's
SSL certificate is self-signed, your web browser may display an error message when you click on
the "Secure Sign In" link. This is normal, and the certificate will still function
correctly.
Equipment
The relational database system where your password's hash is stored is protected by
passwords known only to the SEC and, in the event of a system failure, the SEC's internet
service provider. The server on which the database system resides is monitored constantly
for suspicious activity and overall stability.
SEC / Harvard College Relationship
For more information on the SEC and its relationship to Harvard College, visit http://www.harvardsec.org/about/index.html.
houseSYSTEM is not endorsed by FAS Computer Services (FASCS).