Educause Security Discussion mailing list archives

Re: inital passwords for students

From: Nick Giacobe <nxg13 () PSU EDU>
Date: Fri, 6 Dec 2013 11:24:17 -0500

Our University requires that students do the following to get their first
password:

 

Resident Students

 

This is accomplished during "New Student Orientation".  Students are taken
to a "signature station" - generally in our public computing labs on one of
our campuses - to complete an account initiation process.  They authenticate
using their university-provided mag-stripe ID card.  At that point, they are
required to agree to specific university policies related to computing, etc.
Then, they can select their own password - as long as it complies with the
password complexity rules.

 

Online Students

 

These students receive their first password via U.S. Mail during their
registration process.  They are required to change it on first login.  It is
a random string of characters - upper/lower/number/symbol.

 

Passwords are required to be changed every 12 months.  However, if a
password is 11 months old, the user is forced to change it if they log in to
our single-signon service.  Some services that don't use our SSO (a POP3 or
IMAP email client, for example) don't have the hooks to launch the password
reset website, so we don't force the password to be changed between the 11th
and 12th month time periods if only those services are being used.  Accounts
with passwords over 12 months are locked out and require a physical visit to
one of our helpdesk locations.  Our online students have a telephone
helpdesk that handles password resets, but everyone else is required to be
physically present with a University ID card to get a password reset.

 

---

Nicklaus A. Giacobe, Ph.D.

Research Associate and Lecturer

Phone: 814-865-8233

College of Information Sciences and Technology

Penn State University

101 Information Sciences and Technology Building

University Park, PA 16802

 

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Yost, Davis
Sent: Friday, December 06, 2013 9:34 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] inital passwords for students

 

Group, 

 

Looking for guidance on emailing initial passwords to students, dose anyone
do this?  What do you use for the initial password?  How often do you
require students to change there password?

 

 

Thank you,

 

Davis Yost

Associate Director of Security and Networks

Northwood University

 <mailto:yost () northwood edu> yost () northwood edu

989.837.4185 office

989.859.7761 cell

Current thread:

inital passwords for students Yost, Davis (Dec 06)
- Re: inital passwords for students Joel L. Rosenblatt (Dec 06)
- Re: inital passwords for students David Curry (Dec 06)
  - Re: inital passwords for students Stevens, Eric J. (Dec 06)
    - Re: inital passwords for students David Curry (Dec 06)
    - Re: inital passwords for students David Curry (Dec 06)
  - Re: inital passwords for students Yost, Davis (Dec 06)
- Re: inital passwords for students Nick Giacobe (Dec 06)
- Re: inital passwords for students Hugh Burley (Dec 06)
- Re: inital passwords for students Dan Schwartz (Dec 06)
- Re: inital passwords for students Jones, Mark B (Dec 06)
- Re: inital passwords for students Barron Hulver (Dec 06)
- Re: inital passwords for students McLaughlin, Bryan S. (Dec 06)
- Re: inital passwords for students Don Faulkner (Dec 10)