Home page logo
/

educause logo Educause Security Discussion mailing list archives

Re: inital passwords for students
From: "Yost, Davis" <yost () NORTHWOOD EDU>
Date: Fri, 6 Dec 2013 10:11:25 -0500

Do you have a commercial password reset page?

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of David 
Curry
Sent: Friday, December 6, 2013 10:04 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] inital passwords for students

In the past, we set students' initial passwords to date of birth, and the relevant email notifying them that their 
account had been created told them the correct format (yymmdd or whatever). We're moving away from this however, as 
it's never been terribly secure, and with the way students share personal information on Facebook and whatever, it's 
even less so today.

Our new approach is to set initial passwords to randomly generated strings of characters that meet our password 
complexity requirements. These strings are not saved, and are never given to anyone. Instead, the email notifying 
students that their account has been created directs them to our password reset page, where they are able to choose 
their own password after providing enough information to verify their identity.

We require passwords to be changed twice a year (180 days).

--Dave




--

DAVID A. CURRY, CISSP * DIRECTOR OF INFORMATION SECURITY

THE NEW SCHOOL * 55 W. 13TH STREET * NEW YORK, NY 10011

+1 212 229-5300 x4728 * david.curry () newschool edu<mailto:david.curry () newschool edu>

On Fri, Dec 6, 2013 at 9:33 AM, Yost, Davis <yost () northwood edu<mailto:yost () northwood edu>> wrote:
Group,

Looking for guidance on emailing initial passwords to students, dose anyone do this?  What do you use for the initial 
password?  How often do you require students to change there password?


Thank you,

Davis Yost
Associate Director of Security and Networks
Northwood University
yost () northwood edu<mailto:yost () northwood edu>
989.837.4185 office
989.859.7761 cell



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]