Educause Security Discussion mailing list archives
Re: inital passwords for students
From: David Curry <david.curry () NEWSCHOOL EDU>
Date: Fri, 6 Dec 2013 10:04:15 -0500
In the past, we set students' initial passwords to date of birth, and the relevant email notifying them that their account had been created told them the correct format (yymmdd or whatever). We're moving away from this however, as it's never been terribly secure, and with the way students share personal information on Facebook and whatever, it's even less so today. Our new approach is to set initial passwords to randomly generated strings of characters that meet our password complexity requirements. These strings are not saved, and are never given to anyone. Instead, the email notifying students that their account has been created directs them to our password reset page, where they are able to choose their own password after providing enough information to verify their identity. We require passwords to be changed twice a year (180 days). --Dave -- *DAVID A. CURRY, CISSP* • DIRECTOR OF INFORMATION SECURITY *THE NEW SCHOOL* • 55 W. 13TH STREET • NEW YORK, NY 10011 +1 212 229-5300 x4728 • david.curry () newschool edu On Fri, Dec 6, 2013 at 9:33 AM, Yost, Davis <yost () northwood edu> wrote:
Group, Looking for guidance on emailing initial passwords to students, dose anyone do this? What do you use for the initial password? How often do you require students to change there password? Thank you, Davis Yost Associate Director of Security and Networks Northwood University yost () northwood edu 989.837.4185 office 989.859.7761 cell
Current thread:
- inital passwords for students Yost, Davis (Dec 06)
- Re: inital passwords for students Joel L. Rosenblatt (Dec 06)
- Re: inital passwords for students David Curry (Dec 06)
- Re: inital passwords for students Stevens, Eric J. (Dec 06)
- Re: inital passwords for students David Curry (Dec 06)
- Re: inital passwords for students David Curry (Dec 06)
- Re: inital passwords for students Stevens, Eric J. (Dec 06)
- Re: inital passwords for students Yost, Davis (Dec 06)
- Re: inital passwords for students Nick Giacobe (Dec 06)
- Re: inital passwords for students Hugh Burley (Dec 06)
- Re: inital passwords for students Dan Schwartz (Dec 06)
- Re: inital passwords for students Jones, Mark B (Dec 06)
- Re: inital passwords for students Barron Hulver (Dec 06)
- Re: inital passwords for students McLaughlin, Bryan S. (Dec 06)