Educause Security Discussion mailing list archives

Re: higher education "best practices" for authenticating to campus IT resources

From: Kevin Kelly <kck () IAS EDU>
Date: Tue, 6 Oct 2009 16:21:26 -0400

Hello,

We offer single sign-on for many of our systems on campus except those systems similar to those that Daniel used as 
examples in his original message.  The staff that work on that sort of data use two separate sets of credentials at our 
institution - one for signing into the domain and accessing their e-mail and files and another for accessing systems 
similar to those that Daniel used as examples in his original message.  In addition, these users are subjected to a 
password policy that requires frequent password changes, X previous passwords cannot be used again and password length 
and complexity criteria must be met.

Thanks,

Kevin Kelly
Windows Systems Administrator
Institute for Advanced Study

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Daniel 
Bennett
Sent: Tuesday, October 06, 2009 3:48 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] higher education "best practices" for authenticating to campus IT resources

Hello All,

Currently, we are trying to answer the following questions to sort of benchmark higher education "best practices" for 
authenticating to campus IT resources:

1.      Does your institution provide separate usernames and passwords for critical and non-critical information 
systems (multiple authentication systems)? An example, the Director of Financial Operations uses one username and 
password to log into his/her Windows-based workstation, campus e-mail,  or campus portal and another different username 
and password to log into the campus financial system.

If no, to the above question:

2.      Does your authentication system also provide single sign-on to all campus information systems?  An example, the 
Director of Financial Operations logs into his/her workstation and once logged in he/she can access all other campus 
applications without providing the username/password again, through some sort of single sign-in infrastructure.

Thanks,

Daniel Bennett
IT Security Analyst
Pennsylvania College of Technology
One College Ave
Williamsport PA, 17701
570.329.4989

Current thread:

Re: higher education "best practices" for authenticating to campus IT resources Childs, Aaron (Oct 06)
- <Possible follow-ups>
- Re: higher education "best practices" for authenticating to campus IT resources Kevin Kelly (Oct 06)
- Re: higher education "best practices" for authenticating to campus IT resources Theresa Rowe (Oct 07)