Safe use of services

Using online services often requires registration. In order to register, the user has to provide personal and contact information. Registration includes also a personal username and a password.

If you are asked to enter personal data in order to use an Internet service, check what the data is used for and whether the website has a secure connection. The websites of Finnish companies have to include a file description if they collect personal data from users.

User identification

To guarantee the safety of services on the Internet, it is essential that the user of the service can be identified. A common identification method includes simply a username and a password. Some services require more secure ways of identifying the user. For example, bank services use passwords and constantly changing codes in addition to the username.

Always store usernames and passwords separately in safe places. They should not be stored unencrypted on the computer or some other unsafe place. It is highly advisable to memorise permanent usernames.

When choosing a password, keep in mind the basic rule that the password should not be easy to guess. For example, your own name or the name of a relative are very bad password choices. A strong password combines upper and lower case letters, numbers and other characters.

Identification methods that are more secure than usernames and passwords include certificate-based validation methods, such as the citizen certificate and mobile certificate.

Secure websites

On a secure website, traffic during a connection is encrypted. The protected information is converted into ciphertext and decrypted to its original form in the receiving end.

When you are on a secure website, the status bar at the bottom of the browser displays a lock icon and the address in the address bar begins with 'https' instead of 'http'. The letter 's' added to the end stands for 'secure'. This means that the website is secured using SSL protection (Secure Sockets Layer).

Secure websites involve also digital certificates. With the certificate, the browser can identify an SSL protected website. You can check the certificate by double-clicking the lock icon in the address bar or the bottom right-hand corner of the browser and examining the 'Issued to' field of the certificate.

The certificate should correspond to the address of the website you are visiting. If the names do not match, the website may be fake. Remember also to pay attention to the spelling of the name, because fraudulent websites may use slightly altered spellings. If you are not certain about the authenticity of the certificate, the safest thing to do is to close the website without providing any personal data.

It is always advisable to check the authenticity and protection of the website. Users can be scammed by placing in e-mails and on websites links with different addresses than the actual target of the link. For example, a link in an e-mail or an attachment may appear to be a SSL protected HTTPS website, but in reality, the link directs the user to an unprotected website. To ensure the authenticity of the website, write the Internet address of the service provider that is mentioned in the link to the address bar of the browser. The addresses usually begin with 'www'.

Site updated 18.11.2008