Educause Security Discussion mailing list archives
Equifax Work Number
From: Dean Halter <dean.halter () NOTES UDAYTON EDU>
Date: Thu, 6 Aug 2015 09:46:03 -0400
We are considering engaging Equifax to allow our current and past employees to electronically verify employment and income to lenders, social services, etc. Users get accounts and can log in and specifically provide "verifiers" access to their personal information as necessary.

This solution is intended to be available for both current and past employees so central authentication isn't going to work for everyone. One of the suggestions we received is to use the SSN for username and a password composed of some combination of last name/part of birth date/etc for authentication. There will be security controls in place like locking the account after xx failed attempts.

Assuming the controls are adequate, what are other schools using for username/passwords and what are best practices for authentication of past employees? I'd also be interested in your opinions on whether the risks with respect to privacy and security of these types of solutions are greater than their reward.

Thanks in advance,
Dean

___________
Dean Halter, CISA, CISSP
IT Risk Management Officer, UDit
University of Dayton
Miriam Hall 358
(937) 229-4387

"Security is a process, not a product." Bruce Schneier