Recommendations for secure login

From Uniwersyteckie Centrum Informatyczne

Revision by Twoln@umk.pl as of 12:28, 19 May 2020

Logging in to a service that uses federated authentication typically proceeds as follows:

  1. The user chooses their home institution (UMK) from the list.
  2. The service page redirects to the NCU Central Login Point website.
  3. The user logs in to the NCU Central Login Point.
  4. The NCU Central Login Point asks the user for consent to provide the Service with the attributes it requires.
  5. If the user agrees, the redirection to the Service page happens automatically and the user is logged in; otherwise, the login does not take place.

If the user is already logged in to the NCU Central Login Point, steps 2 and 3 are carried out automatically.

The user should always confirm the authenticity of the NCU Central Login Point by checking that the address shown in the browser starts with https://login.umk.pl/ and that the browser shows the secure connection symbol. If the address of the page is different, it is an attempt at forgery: under no circumstances should you log in to such a page, and you should report the entire matter to the UMK administrators.
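The address check described above, as an added example that is not part of the original page: it parses the address and compares its origin exactly, because a visual "starts with" comparison is easy to get wrong. The function name, the reason strings and all sample addresses (including the `.example` hosts) are constructed for illustration.

```javascript
// Expected origin, taken from the page's recommendation.
const EXPECTED_ORIGIN = "https://login.umk.pl";

// Classify an address copied from the browser's address bar.
// Returns { ok, reason }; names and reason strings are hypothetical.
function checkLoginAddress(address) {
  let url;
  try {
    url = new URL(address.trim());
  } catch {
    return { ok: false, reason: "not a valid URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not HTTPS" };
  }
  if (url.username || url.password) {
    // Anything before "@" is credentials; the real host comes after it.
    return { ok: false, reason: "userinfo before host" };
  }
  if (url.hostname.split(".").some((label) => label.startsWith("xn--"))) {
    // Non-ASCII characters in the host are normalised to punycode by the parser.
    return { ok: false, reason: "internationalized lookalike host" };
  }
  if (url.origin !== EXPECTED_ORIGIN) {
    return { ok: false, reason: "different host or port" };
  }
  return { ok: true, reason: "matches expected origin" };
}

// Constructed sample addresses.
const SAMPLES = [
  "https://login.umk.pl/idp/login",          // genuine
  "HTTPS://LOGIN.UMK.PL:443/idp/login",      // genuine, unusual spelling
  "http://login.umk.pl/idp/login",           // no TLS
  "https://login.umk.pl.phish.example/idp",  // expected name is only a prefix
  "https://login.umk.pl@phish.example/idp",  // expected name is userinfo
  "https://login.um\u043A.pl/idp",           // Cyrillic letter instead of "k"
];

for (const s of SAMPLES) {
  const r = checkLoginAddress(s);
  console.log(`${r.ok ? "OK    " : "REJECT"} ${s} (${r.reason})`);
}
```
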

Using external services that call up the UMK login page carries a potential risk. A fake service can redirect the user to a fake login page and thus trick the user into providing their username and password.

One way to ensure a high level of security is to log in to the NCU Central Login Point first. Until the user logs out or closes the browser, they should be admitted automatically to all services available to them. In this situation, the appearance of the login page should be treated as an alarm signal. The service may require you to log in again, but this is unusual, so it is necessary to check the authenticity of the login page.