Educause Security Discussion mailing list archives

Re: Best practices for identifying students

From: Hugh Burley <Hburley () TRU CA>
Date: Thu, 7 Sep 2017 17:01:51 +0000

Hi Walter,

We use the process in the attached .docx.  Let me know if this has any value.

Regards,

Hugh Burley
Manager Information Security
Thompson Rivers University
BCCOL 225
250-852-6351



From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of WALTER 
KERNER
Sent: Thursday, September 7, 2017 4:49 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Best practices for identifying students

Hi all.  Can you comment on your practices and procedures for confirming student identity if they request a password 
re-set?  We have to service people in person, through email, and on the phone.  A couple of ideas if have heard


Ask the caller/emailer to text or email a picture of him/herself

Ask the caller/emailer questions from his/her student record, like birthdate or course name

Set up a knowledge-based question set like mother’s maiden name or favorite movie.

Are you using these or other techniques?  We appreciate the insights.  Thanks



Walter Kerner
Acting AVP and CISO
[blue]
333 7th Avenue, 13th Floor
New York, NY 10001
Voice: 212-217-3415

Attachment: User Identity Validation Procedure Shareable.docx
Description: User Identity Validation Procedure Shareable.docx

Current thread:

Best practices for identifying students WALTER KERNER (Sep 07)
- Re: Best practices for identifying students Joanna Grama (Sep 07)
- Message not available
  - Re: Best practices for identifying students Rich Graves (Sep 07)
- Re: Best practices for identifying students Hugh Burley (Sep 07)
  - Re: Best practices for identifying students WALTER KERNER (Sep 07)
- Re: Best practices for identifying students Jones, Mark B (Sep 07)