Educause Security Discussion mailing list archives

Re: Special needs students and passwords

From: "Flynn, Gary - flynngn" <flynngn () JMU EDU>
Date: Wed, 1 Dec 2010 20:58:05 +0000

Assuming password policies are the result of a risk assessment, changing
those policies would imply a change in what is deemed acceptable risk.

Account compromises put shared systems at additional risk directly by
raising the possibility of elevation of privilege attacks and other people
and services at risk by raising the possibility of unauthorized access to
adjacent services or spoofing identity.





-----Original Message-----
From: John Ladwig <John.Ladwig () CSU MNSCU EDU>
Reply-To: The EDUCAUSE Security Constituent Group Listserv
<SECURITY () LISTSERV EDUCAUSE EDU>
Date: Wed, 1 Dec 2010 12:54:13 -0600
To: <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] Special needs students and passwords

I think this will quickly go beyond accessibility policy to needs for
technical implementations.

We've gotten a nibble or two on these items, and it looks like some of
them may require special-case exceptions to password change complexity
code, or alternate password-change applications, changes in LOA
requirement logic in application access control, amongst other things.

I'd purely love to hear real-world examples from anyone who's tried to
make progress on the technical side of accommodations in re: access
control and security systems.

  -jml

Valdis Kletnieks <Valdis.Kletnieks () VT EDU> 2010-12-01 12:22 >>>

On Wed, 01 Dec 2010 05:44:21 GMT, Stewart James said:

How are other institutes handling access for those students:

*         Where reliably entering  passwords is an issue?


Probably best addressed as part of an overall accessibility policy. If
they
can't enter passwords, they're probably going to have problems after they
get
past the password as we.. You also need to deal with visually handicapped
users
and so on - it may be you just need to bite the bullet and accept the
fact that
some users can't use the general-use computers in the lab, and have to
access
from (probably their own) systems that have specialized accessibility
input/
output devices/etc.

*         Short term memory retention may be an issue?


See above.



-- 
Gary Flynn

Security Engineer
James Madison University

Attachment: smime.p7s
Description:

Current thread:

Special needs students and passwords Stewart James (Nov 30)
- Re: Special needs students and passwords Valdis Kletnieks (Dec 01)
  - Re: Special needs students and passwords John Ladwig (Dec 01)
    - Re: Special needs students and passwords Flynn, Gary - flynngn (Dec 01)
    - Re: Special needs students and passwords Paul Kendall (Dec 01)
    - Re: Special needs students and passwords Nick Lewis (Dec 01)
- Re: Special needs students and passwords Will Froning (Dec 01)
- Re: Special needs students and passwords Brandon Payne (Dec 02)
- Re: Special needs students and passwords Russell Fulton (Dec 02)