Security Tips on Using HKU Portal

Quick Links

Secure Your PIN

Each staff members and student is uniquely identified by an HKU Portal UID (User Identification) and PIN (Personal Identification Number).  As HKU Portal contains personal and departmental information, some of which is limited for access by authorized persons, you are advised to keep your PIN secure and safe from leaking to others. You must not disclose your PIN to others. If you suspect someone knows your PIN, you should change your PIN immediately by clicking here

Your HKU Portal PIN must consist of at least one letter (a-z, A-Z) and one digit (0-9) in the length of 10-18 characters.  You can’t use an old password that has been used in the last 3 password changes.  You will receive an email notification whenever your HKU Portal PIN is changed.

Verify the Authenticity of the HKU Portal Web Site before Login

HKU Portal is authenticated and secured by a digital certificate. To verify the authenticity of HKU Portal,

  1. Click the “Security Lock” button in your browser (for example lock in Chrome). 
  2. Click “More Information > “View Certification” (Firefox)/”Certificate Information” (Chrome)/”Show Certificate””(Safari).
    browser certificate setting
  3. Check if “Issued To” shows “*.hku.hk” and the validity date to confirm the certificate is valid and does not expire.

    the SSL certificate details

    Important: You must not enter your HKU Portal UID/PIN in any website which you suspect to be a fake website, or if the “Security Lock” icon cannot be found, or information in the certificate is invalid.  You should not enter your personal credentials when you see the following warning messages at websites.

    browser showing the site is not private

Do Not Store Your HKU Portal UID/PIN in the Browsers

Remember to disable the auto-fill function in your browser as this will make your HKU Portal UID/PIN available to anyone having access to your PC/mobile device. To turn this function off in Google Chrome, click the Chrome menu icon (3 dots on the top right) > Settings > Autofill > Passwords > turn off Auto Sign-in.
browser auto fill

browser auto sign option off

Suspended Access after Successive Login Failures

Your HKU Portal account will be suspended with successive login failures and an email on “Your access to HKU Portal has been suspended” will be sent to alert you of the account suspension. Users are advised to change their PIN immediately by clicking here.

Automatic Time-out for HKU Portal

There will be an automatic “time-out” when HKU Portal is connected for 4 hours.

The most secure way to protect your personal and confidential information under HKU Portal is to logout and close ALL browsers every time after using HKU Portal or before leaving your PC unattended.

Do not leave an HKU Portal session unattended at any time. If you do not logout, others can access your information using the same computer you used or even change or delete your personal or confidential information under the active Portal session left behind.

Protect Your Computer

Install and update anti-virus software regularly to ensure your PC is having the latest protection. Do not open any suspicious or unknown emails and attachments to reduce the vulnerability to computer malicious codes such as virus and trojan.

1
21

MFA

Multi-Factor Authentication

February 2024
February 2024

Mandatory for all staff accounts

May 2024
May 2024

Mandatory for all student accounts