Educause Security Discussion mailing list archives
University credentials used by third parties
From: Justin Sherenco <jsherenco () EMICH EDU>
Date: Tue, 17 Aug 2010 13:12:34 -0400
Hello, Recently a local on-line news site (http://www.annarbor.com/news/university-of-michigan-students-can-wager-on -grades-via-website/) wrote an article about a new website that lets students bet on their own grades. The betting aspect aside I was intrigued by this line "they have to register and upload their schedules to grant the site access to school records." To investigate further I went through the account set up process and found that the student has the option to allow the site to automatically download their student records (see attached ultinsic2.jpg). It actually asks for their academic user name and password! EMU is currently not on their list of supported schools but they mention will be rolling out nationally. We have policies and standards in place that say don't give out you password and in my opinion giving credentials to this site would violate them. Are there any other Universities investigating the use of usernames and passwords used by third party web applications not sanctioned by the University? Any talk on actually blocking a site like this from automatically logging in (system stability/privacy/security issues?) or is this more of users choice? Regards, Justin ------------------------------------- Justin Sherenco, CISSP Easten Michigan University Security Analyst http://it.emich.edu/security
Current thread:
- University credentials used by third parties Justin Sherenco (Aug 17)
- Re: University credentials used by third parties Walter Petruska (Aug 17)
- Re: University credentials used by third parties Ken Connelly (Aug 17)
- Re: University credentials used by third parties Bob Bayn (Aug 17)
- Re: University credentials used by third parties Sam Hooker (Aug 17)
- Re: University credentials used by third parties Cathy Hubbs (Aug 17)
- Re: University credentials used by third parties Pete Hickey (Aug 17)
- Re: University credentials used by third parties Valdis Kletnieks (Aug 17)
- Re: University credentials used by third parties Walter Petruska (Aug 17)
- Password Expatriation notification James Farr '05 (Aug 17)
- Re: Password Expatriation notification Ken Connelly (Aug 17)
- Re: Password Expatriation notification Kieper, David (Aug 17)