Educause Security Discussion mailing list archives
Re: inital passwords for students
From: "Stevens, Eric J." <STEVENEJ () UWEC EDU>
Date: Fri, 6 Dec 2013 15:07:18 +0000
"providing enough information to verify their identity."...... What information do you require? Thanks Eric From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of David Curry Sent: Friday, December 6, 2013 9:04 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] inital passwords for students In the past, we set students' initial passwords to date of birth, and the relevant email notifying them that their account had been created told them the correct format (yymmdd or whatever). We're moving away from this however, as it's never been terribly secure, and with the way students share personal information on Facebook and whatever, it's even less so today. Our new approach is to set initial passwords to randomly generated strings of characters that meet our password complexity requirements. These strings are not saved, and are never given to anyone. Instead, the email notifying students that their account has been created directs them to our password reset page, where they are able to choose their own password after providing enough information to verify their identity. We require passwords to be changed twice a year (180 days). --Dave -- DAVID A. CURRY, CISSP * DIRECTOR OF INFORMATION SECURITY THE NEW SCHOOL * 55 W. 13TH STREET * NEW YORK, NY 10011 +1 212 229-5300 x4728 * david.curry () newschool edu<mailto:david.curry () newschool edu> On Fri, Dec 6, 2013 at 9:33 AM, Yost, Davis <yost () northwood edu<mailto:yost () northwood edu>> wrote: Group, Looking for guidance on emailing initial passwords to students, dose anyone do this? What do you use for the initial password? How often do you require students to change there password? Thank you, Davis Yost Associate Director of Security and Networks Northwood University yost () northwood edu<mailto:yost () northwood edu> 989.837.4185 office 989.859.7761 cell
Current thread:
- inital passwords for students Yost, Davis (Dec 06)
- Re: inital passwords for students Joel L. Rosenblatt (Dec 06)
- Re: inital passwords for students David Curry (Dec 06)
- Re: inital passwords for students Stevens, Eric J. (Dec 06)
- Re: inital passwords for students David Curry (Dec 06)
- Re: inital passwords for students David Curry (Dec 06)
- Re: inital passwords for students Stevens, Eric J. (Dec 06)
- Re: inital passwords for students Yost, Davis (Dec 06)
- Re: inital passwords for students Nick Giacobe (Dec 06)
- Re: inital passwords for students Hugh Burley (Dec 06)
- Re: inital passwords for students Dan Schwartz (Dec 06)
- Re: inital passwords for students Jones, Mark B (Dec 06)
- Re: inital passwords for students Barron Hulver (Dec 06)
- Re: inital passwords for students McLaughlin, Bryan S. (Dec 06)
- Re: inital passwords for students Don Faulkner (Dec 10)