Educause Security Discussion mailing list archives
Re: Special needs students and passwords
From: Paul Kendall <PKendall () ACCUDATASYSTEMS COM>
Date: Wed, 1 Dec 2010 15:11:17 -0600
An interesting conundrum. If you make the process easier, you introduce greater risk. Some standards (PCI DSS, for example) don't make allowances for disabilities, which can make it doubly difficult if this becomes an issue in that environment. Biometric access (laptops, for example) may offer some type of solution, although not necessarily a universal one. In some cases, the student may have their own customized system, so ensuring it meets security requirements for network connectivity might be all that is needed, along with some way to authenticate to the network that preserves the integrity of the perimeter security requirements. However, this may not translate successfully into access for all internal applications. At what point does one draw a distinction between 'reasonable access accommodations' and computing infrastructure security? I will be very curious to see where this thread leads. Paul ======================================== Paul L. Kendall, Ph.D., CGEIT, CHS-III, CISM, CISSP, CSSLP Certified HIPAA Professional Certified HIPAA Security Specialist PCI Qualified Security Assessor Senior Consultant Accudata Systems, Inc. -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Flynn, Gary - flynngn Sent: Wednesday, December 01, 2010 2:58 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Special needs students and passwords Assuming password policies are the result of a risk assessment, changing those policies would imply a change in what is deemed acceptable risk. Account compromises put shared systems at additional risk directly by raising the possibility of elevation of privilege attacks and other people and services at risk by raising the possibility of unauthorized access to adjacent services or spoofing identity. -----Original Message----- From: John Ladwig <John.Ladwig () CSU MNSCU EDU> Reply-To: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> Date: Wed, 1 Dec 2010 12:54:13 -0600 To: <SECURITY () LISTSERV EDUCAUSE EDU> Subject: Re: [SECURITY] Special needs students and passwords
I think this will quickly go beyond accessibility policy to needs for technical implementations. We've gotten a nibble or two on these items, and it looks like some of them may require special-case exceptions to password change complexity code, or alternate password-change applications, changes in LOA requirement logic in application access control, amongst other things. I'd purely love to hear real-world examples from anyone who's tried to make progress on the technical side of accommodations in re: access control and security systems. -jmlValdis Kletnieks <Valdis.Kletnieks () VT EDU> 2010-12-01 12:22 >>>On Wed, 01 Dec 2010 05:44:21 GMT, Stewart James said:How are other institutes handling access for those students: * Where reliably entering passwords is an issue?Probably best addressed as part of an overall accessibility policy. If they can't enter passwords, they're probably going to have problems after they get past the password as we.. You also need to deal with visually handicapped users and so on - it may be you just need to bite the bullet and accept the fact that some users can't use the general-use computers in the lab, and have to access from (probably their own) systems that have specialized accessibility input/ output devices/etc.* Short term memory retention may be an issue?See above.
-- Gary Flynn Security Engineer James Madison University
Current thread:
- Special needs students and passwords Stewart James (Nov 30)
- Re: Special needs students and passwords Valdis Kletnieks (Dec 01)
- Re: Special needs students and passwords John Ladwig (Dec 01)
- Re: Special needs students and passwords Flynn, Gary - flynngn (Dec 01)
- Re: Special needs students and passwords Paul Kendall (Dec 01)
- Re: Special needs students and passwords Nick Lewis (Dec 01)
- Re: Special needs students and passwords John Ladwig (Dec 01)
- Re: Special needs students and passwords Valdis Kletnieks (Dec 01)