NCSU Wrap 1.6 Logo

Security Image

What is this image?

We have added a dynamically-generated security image to each of the WRAP login pages, to make it easier for our users to detect fake login sites that are trying to steal the users' password credentials.

example good image

You should make sure this image exists on the WRAP login page before you enter your password. You should make sure the contents of the image are correctly generated, as described below. If the image is missing, or it is not generated correctly, Do Not Enter Your Password On The Form! When in doubt, go to our site by typing the URL "webauth.ncsu.edu" into your browser and make sure the security image is working correctly from that site.

How to check the image

A legitimate image contains an icon (stop sign, warning sign, or green circle) on the left side, with the current timestamp watermarked over the top of it. The text is on the right side. The background is a textured gray. It does not contain the "EXAMPLE IMAGE" watermark seen on this page.

Verify this site has an SSL key from NCSU

The real WRAP login page is always provided by an SSL-secured webserver at ncsu.edu. You can use your browser's security features to verify that the SSL certificate matches the site correctly. Look for a padlock icon on your browser and click it to see the site certificate. Different browsers present the padlock in different places:

This page host

This domain name should always be an NCSU WRAP login server, usually webauth.ncsu.edu. sysnews.ncsu.edu is also used for WRAP logins. If this item is missing, it is probably because your browser was told not to send referring page information to the image generator.

Login returns to

This domain name is the site that sent you to log in to WRAP. This data is passed to WRAP login so it can send you back to the correct location after a successful login. If this data is not passed, the referring site has done something wrong. This could be a sign that the referring site is not legitimate, so check it carefully.

Verify this timestamp is current

The timestamp on the image is the time of day that the image was requested from the server. It is always reported in NCSU's timezone, US Eastern time. It should match or be very close to the current time found on your computer. If it is wrong, then the image was not generated for your request and it's probably a fake.

The time portion of the timestamp is also watermarked over the icon part of the image. That time and the value in the timestamp should be exactly the same.

Finally, the timestamp also contains the IP address reported for your computer. This helps you determine that, in fact, this image was generated for your connection and no other.

Failure and Warning Images

The image generator does a few extra security checks for you. These can only protect you from an attacker who tries to reuse our image generator on another site. If any of the security checks fail, you will see an image similar to this one:

example bad image

Be sure to follow these instructions. Do not log in to the site. If you know you need to log in, go to our site by typing the URL "webauth.ncsu.edu" into your browser and make sure the security image is working correctly from that site.

If either of the referring URLs is not passed to the image generator, a warning image like this one will be displayed:

example warning image

Make sure your browser is passing referrer information and cookies correctly. Make sure you have been referred to the WRAP login page from a correctly configured server. When in doubt, go to our site by typing the URL "webauth.ncsu.edu" into your browser and make sure the security image is working correctly from that site.
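
The checks described on this page, sketched from the server side as an added example; this is not NCSU's image generator code. It assumes the generator takes the login page URL from the browser's Referer header and is passed the return URL separately; the function name, field names and sample hosts are hypothetical.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit
from zoneinfo import ZoneInfo, ZoneInfoNotFoundError

# The two hosts this page names as WRAP login servers.
LOGIN_HOSTS = {"webauth.ncsu.edu", "sysnews.ncsu.edu"}
try:
    EASTERN = ZoneInfo("America/New_York")
except ZoneInfoNotFoundError:  # no tz database installed: fixed EST, ignores DST
    EASTERN = timezone(timedelta(hours=-5), "EST")


def _host(url):
    """Return the lowercase hostname of an https URL, or None if unusable."""
    if not url:
        return None
    try:
        parts = urlsplit(url)
    except ValueError:
        return None
    if parts.scheme != "https" or not parts.hostname:
        return None
    return parts.hostname.lower().rstrip(".")


def classify(referer, return_url, client_ip, now=None):
    """Choose which image to draw and the text fields printed on it."""
    now = (now or datetime.now(EASTERN)).astimezone(EASTERN)
    page_host = _host(referer)
    return_host = _host(return_url)
    if referer and page_host not in LOGIN_HOSTS:
        # Exact host match: the image was requested from some other page.
        status = "fail"
    elif page_host is None or return_host is None:
        # One of the referring URLs was not passed at all.
        status = "warning"
    else:
        status = "ok"
    return {
        "status": status,
        "page_host": page_host,
        "login_returns_to": return_host,
        # Request time in US Eastern plus the client's IP address.
        "timestamp": f"{now:%Y-%m-%d %H:%M:%S %Z} {client_ip}",
        # The time portion repeated over the icon; must equal the timestamp.
        "watermark": f"{now:%H:%M:%S}",
    }
```

Matching the whole hostname rather than a substring is what makes a look-alike such as webauth.ncsu.edu.login.example.net produce the failure image instead of the good one.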