Educause Security Discussion
mailing list archives
Re: inital passwords for students
From: Nick Giacobe <nxg13 () PSU EDU>
Date: Fri, 6 Dec 2013 11:24:17 -0500
Our University requires that students do the following to get their first
This is accomplished during "New Student Orientation". Students are taken
to a "signature station" - generally in our public computing labs on one of
our campuses - to complete an account initiation process. They authenticate
using their university-provided mag-stripe ID card. At that point, they are
required to agree to specific university policies related to computing, etc.
Then, they can select their own password - as long as it complies with the
password complexity rules.
These students receive their first password via U.S. Mail during their
registration process. They are required to change it on first login. It is
a random string of characters - upper/lower/number/symbol.
Passwords are required to be changed every 12 months. However, if a
password is 11 months old, the user is forced to change it if they log in to
our single-signon service. Some services that don't use our SSO (a POP3 or
IMAP email client, for example) don't have the hooks to launch the password
reset website, so we don't force the password to be changed between the 11th
and 12th month time periods if only those services are being used. Accounts
with passwords over 12 months are locked out and require a physical visit to
one of our helpdesk locations. Our online students have a telephone
helpdesk that handles password resets, but everyone else is required to be
physically present with a University ID card to get a password reset.
Nicklaus A. Giacobe, Ph.D.
Research Associate and Lecturer
College of Information Sciences and Technology
Penn State University
101 Information Sciences and Technology Building
University Park, PA 16802
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Yost, Davis
Sent: Friday, December 06, 2013 9:34 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] inital passwords for students
Looking for guidance on emailing initial passwords to students, dose anyone
do this? What do you use for the initial password? How often do you
require students to change there password?
Associate Director of Security and Networks
<mailto:yost () northwood edu> yost () northwood edu