Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: stopping students sharing their login credentials

From: Mike Wiseman <mike.wiseman () UTORONTO CA>
Date: Fri, 23 Jan 2009 11:11:06 -0500

...

So, how do we fix this? The best solution I found was to state "you
are responsible for whatever activities originate from your userid,
computer, id card..." (feel free to include whatever
authentication/authorization mechanism you have). This is easily
enforceable. Computer and access control logs note the "userid/token"
that was used to gain entry. SInce you can identify the owner, that
person is responsible for its use.




This is fine for some of the stronger forms of authentication. But I don't think it can be applied to logical access 
using username/password given desktop vulnerabilities such as keyloggers and human factor vulnerabilities such as 
sophisticated phishing. 

Mike



Mike Wiseman
Computing and Networking Services
University of Toronto
Previous By Date Next
Previous By Thread Next

Current thread: