Educause Security Discussion mailing list archives

Re: Best practices for identifying students

From: Rich Graves <rcgraves () BRANDEIS EDU>
Date: Thu, 7 Sep 2017 07:03:10 -0500

We never implemented it, but my favorite idea is a variant on this:

    Ask the caller/emailer questions from his/her student record, like

birthdate or course name

Ask them to identify two courses they took recently, and two other students
who were in the same course.

This should be a reliable pass/fail indicator and would not unnecessarily
expose sensitive information to the help desk. The help desk would not need
read access to course lists, just a black-box oracle.

Yes, this is spoofable by other students or by advanced stalkers. So
consider other layers.

Live webcam (not static snapshot and certainly not photo ID exposing a
sensitive number) is good too. Even if the student is overseas, one of FB
Live, Hangout, FaceTime, Skype, etc., should work.

Current thread:

Best practices for identifying students WALTER KERNER (Sep 07)
- Re: Best practices for identifying students Joanna Grama (Sep 07)
- Message not available
  - Re: Best practices for identifying students Rich Graves (Sep 07)
- Re: Best practices for identifying students Hugh Burley (Sep 07)
  - Re: Best practices for identifying students WALTER KERNER (Sep 07)
- Re: Best practices for identifying students Jones, Mark B (Sep 07)