General:

There are various web servers on campus that require users to log in to access information. There has been concern over identity theft on the web and many institutions have decided to discontinue the use of Social Security numbers as a web site login ID. Data encryption (*SSL) has also become a required standard for academic web sites displaying private information.

Who:

Any IIT faculty or staff member/department responsible for maintaining web sites that require users to log in.

Required Security Measures:

The use of social security numbers as the log in ID is not allowed. However there are exceptions due to some of the older systems running on campus. All those systems are in the process of being upgraded by the software companies. The web sites using social security numbers as the log in ID require a separate password field and are required to run SSL encryption.

Web sites that require users to log in with a unique ID other than their social security number do not necessarily require SSL. SSL is required if your web site provides access to personal or sensitive information. An open discussion bulletin board is a good example of what wouldn't require SSL.

More Information:

Introduction to SSL
http://verisign.com

Policing:

Computer and Network Services department reserves the right to remove violators of this policy off the IIT's network.

*SSL - Secure Socket Layer - universally accepted on the World Wide Web for authenticated and encrypted communication between clients and servers.