See below for a quick glossary of key terms relating to HarvardKey, Harvard's authentication system, and identity and access management principles in general. Is there something missing from this list? Contact us.

The process used to verify a user's identity. A person using HarvardKey to log in to a website or application is seeking to be authenticated. The system performs password-type authentication; in other words, when a user supplies a login ID and password that match, that user is understood to correspond to the login credentials.

Authorization is the process of verifying that a known (authenticated) user has the authority to perform a certain operation. In order to gain access to an online resource, you must be both authenticated and authorized.

Digital certificate
A small amount of information stored on a computer that indicates that computer is trusted by an independent source (known as a certificate authority). The certificate authority acts as a middleman that multiple computers trust. Authenticating using a digital certificate provides a stronger level of security, because the process is using something that is physically stored on the computer in the process of verifying that computer's identity.

The process of taking the data that one computer is sending to another and encoding it — without adding additional information — into a form that makes it unreadable by a human being or machine. Encryption provides an additional layer of security for data moving across a network.

A "single identity for life" spanning the Harvard Community, the HarvardKey authentication system enables access to a wide range of applications and services Harvard users need every day using a single login name and password.

Harvard University ID number (HUID)
An eight-digit number issued to people actively associated with Harvard University. If you have been issued an ID card, your ID number is on this card, along with an additional ninth reissue digit. Individuals who are issued HUIDs include employees, students, library borrowers, and other special affiliates. Users with HUIDs and associated passwords may use these credentials to log in to HarvardKey-protected systems by clicking the appropriate tab in the login screen.

HMS eCommons login
An HMS eCommons login is a login type issued to members of the Harvard Medical Area community, including university and hospital employees. For information on this login type, visit the eCommons website. Users with eCommons credentials may use these credentials to log in to some HarvardKey-protected systems by clicking the appropriate tab in the login screen.

Login Name
The unique identifier of a user that must be supplied in combination with a password in order for the user to be authenticated. In HarvardKey, the login name takes the form of an email address

Login type
A login type is a specific format of login ID that corresponds to a category of users. The Harvard authentication system's default login type is HarvardKey, though a variety of protected sites also accept a range of different login types for authentication. Other login types include:

  • Harvard University ID (HUID)
  • XID login (guest accounts)
  • eCommons login (Harvard Medical Area affiliates)

Also called ADID, this login name is made up of three letters and three or four numbers (example: abc1234). It is used in systems where HarvardKey login name is not accepted (due to technical constraints), or as an alternative login type in Microsoft Active Directory environments.

A secret string of information that a user supplies with his or her login ID in order to verify identity. A password may take different forms, such as a random group of characters, a memorable but not plain-English string of letters and numbers, or even an entire phrase.

Secure Sockets Layer (SSL)
Secure Sockets Layer, a popular implementation of public-key encryption, is an Internet security protocol used by web browsers and servers to transmit sensitive information. SSL has become part of an overall security protocol known as Transport Layer Security (TLS). You can look in your browser to determine when a website is using a secure protocol such as TLS; locations of websites that use SSL begin with the prefix "https" rather than "http," and you will often see the icon of a closed padlock or a solid, unbroken key in your browser's address bar to indicate that SSL is enabled.

Two-step verification
Sometimes called "multifactor authentication", two-step verification strengthens the security of a user's login by combining something the user knows (login name and password) with something the user has (in may cases, a text-message login code sent to their phone, or a smartphone push notification). HarvardKey users can set up optional two-step verification using their cell phone, mobile device, or even landline phone.

XID login
A login type for guest accounts in the Harvard online environment. These may be issued by someone managing a particular website or application, or obtained by users themselves via a self-service registration process. For information, visit the XID website. Users with XID credentials may use these credentials to log in to some HarvardKey-protected systems by clicking the appropriate tab in the login screen.