If you are using the UCR Faculty/Staff Portal, R'Space, from a computer that other people have access to, your account is at risk. This includes public computers, such as those in the UCR libraries or the computer labs, and those that you share with friends or family. For the best security, you should not use the Faculty/Staff Portal from a public or shared computer. However, if you do choose to use the Faculty/Staff Portal from a public or shared computer, it is very important that you do not let the web browser store your password, and that you make sure to logout of the portal completely by closing all web browser windows and quitting your web browser program when done.

This portal uses a Central Authentication Service (CAS) for single sign-on, allowing you to login once for multiple web applications, like GROWL and Webmail. Because this is a single sign-on environment, it is more important than ever that you are careful to keep your accounts secure. The following are some recommendations for protecting your accounts against unauthorized access.

A strong password:

• Should be at least 6 to 8 characters long using numbers, lowercase letters, and uppercase letters.
• Should not match your Permanent PIN or your password for any non-UCR systems.
• Should not use easily obtained information such as your initials, name, nickname, birthdate, username or ID numbers.
• Should not use dictionary words, word patterns, or number patterns (e.g. address, aaabbb, zyxwvuts, 123456, etc.).
• Should be able to be typed quickly, without having to look at the keyboard (to decrease the probability that someone might steal your password observing your keyboard).
• Should not be so complicated that it must be written down.

Do Not Share Your Password

• In order to protect your accounts, you should not share your password with anyone else. This is particularly important in a single sign-on environment where your password can be used to access many different applications.
• UCR Staff will not contact you to request your password. Do not give your password to anyone claiming to be a UCR Staff member who contacts you over the phone or via email to request your password. This includes email messages that request that you click on a link in the message to login to your account and update your information.

Do Not Store Your Password in Your Browser

It is recommended that you do not configure your web browser to save forms or remember passwords in order to reduce the chance of other people obtaining access to your accounts.

• In Internet Explorer you can disable this feature by selecting Internet Options from the Tools menu, selecting the Content tab, clicking on the AutoComplete button, and uncheck the boxes for Forms and User names and passwords on forms.
• In Firefox for Windows you can disable this feature by selecting Options from the Tools menu, selecting the Privacy tab, and unchecking the boxes in the Saved Forms and Passwords tabs.
• In Safari you can disable this feature by selecting Preferences from the Safari menu, selecting the AutoFill tab, and unchecking the boxes.
• In Firefox for Macintosh you can disable this feature by selecting Preferences from the Firefox menu, selecting the Privacy tab, and unchecking the boxes in the Saved Forms and Passwords tabs.

Keep Your Computer Clean of Viruses and Spyware

Viruses and spyware can compromise the security of your accounts by collecting and transmitting your account information. To protect your accounts it is important to:

• Scan your computer regularly with an anti-virus program and to keep your anti-virus program regularly updated with the latest virus definitions.
• Scan your computer regularly with an anti-spyware program and to keep your anti-spyware program regularly updated.
• Keep your computer up to date with the lastest security patches. In Windows you do this with Windows Update. On a Macintosh you would use Software Update.
• Avoid clicking on suspicious links and attachments in email.
• Be careful when installing software on your computer since many free and shareware programs contain spyware.

Verify that Your Login is Encrypted

The Faculty/Staff Portal uses encryption technology called Secure Socket Layer (SSL) to help to ensure that your information remains confidential. You should verify that your web browser session with the Faculty/Staff Portal is using SSL by checking that the URL begins with https://rspace.ucr.edu. When logging in, you should always check the address location bar in your web browser before you enter your UCR NetID and password; it should contain the login URL: https://auth.ucr.edu/cas/login.

To ensure the security of your accounts you should completely logout of the Faculty/Staff Portal when you are done using it. In order to be sure that you have logged out completely, it is recommended that you close all browser windows and completely quit your web browser program.

Windows If you are using Internet Explorer version 6 or older you can completely quit out of your web browser by closing all of your browser windows. If you are using a tabbed web browser such as Internet Explorer 7 or Mozilla you should be careful to not just close the tab that you are using for the Faculty/Staff Portal, but to completely quit your web browser program by clicking on the File menu and selecting Exit (or Quit or Close depending upon the browser).
Macintosh If you are using the Faculty/Staff Portal on a Macintosh it is even more important to make certain that you do not just close your browser windows, but that you completely quit your web browser. If you just close your browser windows your web browser will still be running, and another person using your computer would be able to access your account. To completely quit your web browser you should click on the program menu for your web browser, then select Quit. To verify that your web browser is closed, you can check to make sure that there is no arrow under the application's icon in the Dock. If an arrow is displayed under the icon, the browser is still running.

For more information, view the CAS FAQs page.

More about web security at UCR