Re: inital passwords for students

[Dan Schwartz <dan.schwartz () LEHIGH EDU>]

Hi -

We send a letter out with a banner id number and a generated pin which they
then use to initially open their accounts, after which they use a username
/ password.

We are currently in the process of changing that practice for student
accounts to use a SAML or CAS connection from the applicant portal to do
the initial authentication to create their account.  This way they don't
need to wait for an initial password from us to arrive by mail, and we
eliminate security concerns with email.  We implicitly trust that if they
have entered all their personal information into the applicant portal, and
based on that we've vetted their data and gone on to offer them admission,
that they are who they say they are.

We currently require password changes 2 times per year, though everyone is
allowed to change their password more often.   I'd like to vary the
expiration interval based on password complexity and length but haven't
implemented that concept yet.

-- 
Dan Schwartz | LTS - Systems and Networking  | Lehigh University |
das1 () lehigh edu | (610) 758-5061



On Fri, Dec 6, 2013 at 9:33 AM, Yost, Davis <yost () northwood edu> wrote:

> Group,
>
>
>
> Looking for guidance on emailing initial passwords to students, dose
> anyone do this?  What do you use for the initial password?  How often do
> you require students to change there password?
>
>
>
>
>
> Thank you,
>
>
>
> Davis Yost
>
> Associate Director of Security and Networks
>
> Northwood University
>
> yost () northwood edu
>
> 989.837.4185 office
>
> 989.859.7761 cell