stopping students sharing their login credentials

[Russell Fulton <r.fulton () AUCKLAND AC NZ>]

Background:

Earlier this week we had an incident where the building security
officer noticed a group of unfamiliar people using machines in one of
our labs.  She asked them for their ID cards and none could (would?)
produce one.  On questioning they said they were students from a
neighbouring institution and that they were using "borrowed" credential.

We have cctv footage and swipe card logs from the door (which may show
they tail gated someone in).   We are now tracking down which machines
were being used so we can disable the accounts.

To the point.

We (the security techies) have been asked what measures we can deploy
to prevent this sort of thing happening in future.

We already do lots of education, posters, page on the back of the
student handbook. Students have no excuse for not knowing that they
should not share passwords.

On the social/education side we could make an example of anyone we
finger for this (assuming we can make charges stick) in the hope that
this will persuade other students not to share their passwords.

Technical solutions seem to revolve around some form of two factor
authentication.  I.e. something the student has but which they will be
reluctant to part with for any length of time.  Like their ID card.

Our ID cards have bar codes and classic mag stripe.   Some labs (like
this one) also have proximity card locks.  Generally only post grad
students or students in special coursed (like medicine) have proximity
cards.

Anyway I would very much like to know what other are doing in this
space.

Cheers, Russell

Attachment: smime.p7s
Description: