Educause Security Discussion mailing list archives
Re: inital passwords for students
From: "Jones, Mark B" <Mark.B.Jones () UTH TMC EDU>
Date: Fri, 6 Dec 2013 12:06:13 -0600
We are planning to implement a process based on the guidance in NIST SP 800-63-2 (http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63-2.pdf) Where we would send the student a onetime use password reset link to an email address of record that was supplied by the applicant during the application process. The main quote to refer to in the document is in Table 3 - Identity Proofing Requirements by Assurance Level "If personal information in records includes a telephone number or e-mail address, the CSP issues credentials in a manner that confirms the ability of the Applicant to receive telephone communications or text message at phone number or e-mail address associated with the Applicant in records. Any secret sent over an unprotected session shall be reset upon first use and shall be valid for a maximum lifetime of seven days;" From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Yost, Davis Sent: Friday, December 06, 2013 8:34 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] inital passwords for students Group, Looking for guidance on emailing initial passwords to students, dose anyone do this? What do you use for the initial password? How often do you require students to change there password? Thank you, Davis Yost Associate Director of Security and Networks Northwood University <mailto:yost () northwood edu> yost () northwood edu 989.837.4185 office 989.859.7761 cell
Attachment:
smime.p7s
Description:
Current thread:
- inital passwords for students Yost, Davis (Dec 06)
- Re: inital passwords for students Joel L. Rosenblatt (Dec 06)
- Re: inital passwords for students David Curry (Dec 06)
- Re: inital passwords for students Stevens, Eric J. (Dec 06)
- Re: inital passwords for students David Curry (Dec 06)
- Re: inital passwords for students David Curry (Dec 06)
- Re: inital passwords for students Stevens, Eric J. (Dec 06)
- Re: inital passwords for students Yost, Davis (Dec 06)
- Re: inital passwords for students Nick Giacobe (Dec 06)
- Re: inital passwords for students Hugh Burley (Dec 06)
- Re: inital passwords for students Dan Schwartz (Dec 06)
- Re: inital passwords for students Jones, Mark B (Dec 06)
- Re: inital passwords for students Barron Hulver (Dec 06)
- Re: inital passwords for students McLaughlin, Bryan S. (Dec 06)
- Re: inital passwords for students Don Faulkner (Dec 10)