Home page logo
/

educause logo Educause Security Discussion mailing list archives

Re: inital passwords for students
From: Dan Schwartz <dan.schwartz () LEHIGH EDU>
Date: Fri, 6 Dec 2013 12:42:51 -0500

Hi -

We send a letter out with a banner id number and a generated pin which they
then use to initially open their accounts, after which they use a username
/ password.

We are currently in the process of changing that practice for student
accounts to use a SAML or CAS connection from the applicant portal to do
the initial authentication to create their account.  This way they don't
need to wait for an initial password from us to arrive by mail, and we
eliminate security concerns with email.  We implicitly trust that if they
have entered all their personal information into the applicant portal, and
based on that we've vetted their data and gone on to offer them admission,
that they are who they say they are.

We currently require password changes 2 times per year, though everyone is
allowed to change their password more often.   I'd like to vary the
expiration interval based on password complexity and length but haven't
implemented that concept yet.

-- 
Dan Schwartz | LTS - Systems and Networking  | Lehigh University |
das1 () lehigh edu | (610) 758-5061



On Fri, Dec 6, 2013 at 9:33 AM, Yost, Davis <yost () northwood edu> wrote:

Group,



Looking for guidance on emailing initial passwords to students, dose
anyone do this?  What do you use for the initial password?  How often do
you require students to change there password?





Thank you,



Davis Yost

Associate Director of Security and Networks

Northwood University

yost () northwood edu

989.837.4185 office

989.859.7761 cell




  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]