Authentication and security


Using tokens

Individuals who are authorized to use the computing and storage resources that CISL manages receive an authentication token and personal identification number (PIN) that they use to log in to a system.

To learn how to use your token, see the relevant link:

  • YubiKey
  • CRYPTOCard

Tokens and PINs must be protected and may not be shared with anyone. If sharing is detected, CISL will disable the accounts of those involved.

Token pick-up, drop-off

Users at the Mesa Lab who need to pick up or drop off an authentication token can do so at these times in ML29 on 1B:

Monday-Friday

  • 10:30-11:30 a.m.
  • 2:00-3:00 p.m.

The rules above for tokens and PINs also apply to passwords that give users access to some internal UCAR systems but are not needed for accessing the CISL computing and storage resources. See our passwords documentation for details.

UCAR and NCAR computers, computing systems, and associated communications systems are to be used for official business only.

By signing for a token, you agree not to misuse these resources, and you accept responsibility for activity associated with your username and token. You also agree not to duplicate or use copyrighted or proprietary software without proper authorization.


Returning your token

You must return your token when your project ends or when you will no longer be using these systems. When you return it, use a protective envelope and include a note with your name, username, and reason for returning the token.

CISL charges a fee for lost or unreturned tokens. 

Return your authentication token to:

UCAR Shipping and Receiving
c/o Computer Room Mesa Lab
3090 Center Green Drive
Boulder, CO 80301


Security overview

All users must comply with UCAR computer security policies and procedures. See Access to and use of computer and information systems.

We strive to maximize the availability and value of our computer and network systems by protecting them from unauthorized access. Good security practices help prevent data loss or corruption, malicious activity, and loss of computer time.

As a user, you have an important role in ensuring the security of these resources. In addition to protecting the authentication token that gives you access to our systems, we ask that you do the following:

Report security events

Report potential security breaches involving our computers and networks as soon as possible to the CISL Help Desk at 303-497-2400 or to your appropriate system administration staff.

Protect your PIN

Do not leave your PIN where others may view it, and do not affix it to your workstation or your token. Do not use the same PIN that you use for debit cards or credit cards.

Try to memorize your PIN instead of writing it down. You may write it down, but do not store it with the token. If you do write it down, keep it where others cannot access it, such as in a locked desk drawer or file cabinet that only you can access.

Use encryption for logging in and transferring files

Our systems require this, but it also is good practice to use encryption for other computers and systems.

Patch your systems and use anti-virus software

This applies to any computer from which you log in to UCAR and NCAR systems. If you are using your own personal computer or another non-UCAR or non-NCAR computer, be sure that it is kept up to date with the latest software patches and anti-virus protection.

If you are planning to visit UCAR and bring your own computer, discuss wireless and guest network access with your UCAR contact before you arrive. Procedures regarding guest network access also apply to personally owned computers that UCAR and NCAR staff bring in.

Be careful

Be aware of email scams and so-called "social engineering" methods that hackers and fraudsters use to gain access to passwords and other information. Never give anyone your password. UCAR and NCAR system administrators will not ask you for your password via phone or email.

Other cautions

  • Don't run strange binaries or executables.
  • Don't log in to sites that you receive in email or other messages, especially if the message seems urgent and you are not familiar with the site.
  • Some malware is spread via USB flash drives, so make sure any flash drives that you use are from trusted sources.