Recognising Genuine University Login Screens

Online criminals will try a variety of ways to convince you into revealing your username and password. One increasingly popular technique is to create an imitation of a corporate website and then trick you into logging in to the imitation website instead of the genuine one.

If you have any doubts about the authenticity of a University login page please contact the CiCS helpdesk:

CiCS Helpdesk

MUSE

MUSE now features a green ‘University of Sheffield’ banner in the address bar of your web browser when you view the login screen. Below is how it appears in the four main browsers:

Chrome

Chrome banner

Safari

Safari banner

Firefox

Firefox banner

Internet Explorer

IE Banner

The web address of the MUSE login screen must start with the text login.shef.ac.uk/  The trailing / after .uk is very important, if it is missing and especially if there is a . in its place, you must not log in. The address after .uk/ can and should vary.

The certificate in itself does not make MUSE more secure, instead it makes it easier to notice forgeries. The green banner will appear on the MUSE login screen and on secure (https) University website pages for www.shef.ac.uk and www.sheffield.ac.uk addresses. However, there will still be some University login pages that will not feature the green banner. These sites will be no less secure, but you should take additional steps to verify that these login pages are genuine.

Other Login Screens

Where possible you should only sign into online services via MUSE. If offers the most secure, best practice access to services. Other University login screens do exist and you should check that these are genuine.

Genuine University web pages start with the text something.shef.ac.uk/ or something.sheffield.ac.uk/ - the trailing '/' after .uk is very important! Examples are:

  • portal.shef.ac.uk/
  • uspace.shef.ac.uk/
  • www.sheffield.ac.uk/

In addition, if the web page is a log in screen for a University online service, the web address will begin with the five letters https - the s is very important: if it is absent do not log in!

The final test is the presence of a padlock icon. All web pages that allow you to log in with a username and password should display a padlock icon to represent a secure website. The padlock is displayed in different places in different web browsers, sometimes next to the address bar, sometimes at the bottom of the web browser window, but it will always be there somewhere. If you cannot see a padlock icon in the window of a web log in screen do not log in.

The Juice login page below has an address that includes a padlock icon and https - and includes .shef.ac.uk/ Therefore you can be confident it is genuine and are safe to log in.

Juice login address