Educause Security Discussion mailing list archives
Re: Best practices for identifying students
From: "Jones, Mark B" <Mark.B.Jones () UTH TMC EDU>
Date: Thu, 7 Sep 2017 19:25:15 +0000
In the age of Facebook, it is too easy to obtain a picture to text or email. Student record quizzes and security questions are in my opinion too easy to obtain. I like schemes that offer the user multiple ways to prove their identity such as: Sending a onetime use link to a personal, preregistered email address Sending a code to a preregistered mobile phone Placing a live call to a preregistered mobile phone Conducting the ‘in-person’ identity vetting procedure over live video From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of WALTER KERNER Sent: Thursday, September 07, 2017 6:49 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Best practices for identifying students Hi all. Can you comment on your practices and procedures for confirming student identity if they request a password re-set? We have to service people in person, through email, and on the phone. A couple of ideas if have heard Ask the caller/emailer to text or email a picture of him/herself Ask the caller/emailer questions from his/her student record, like birthdate or course name Set up a knowledge-based question set like mother’s maiden name or favorite movie. Are you using these or other techniques? We appreciate the insights. Thanks Walter Kerner Acting AVP and CISO [blue] 333 7th Avenue, 13th Floor New York, NY 10001 Voice: 212-217-3415
Current thread:
- Best practices for identifying students WALTER KERNER (Sep 07)
- Re: Best practices for identifying students Joanna Grama (Sep 07)
- Message not available
- Re: Best practices for identifying students Rich Graves (Sep 07)
- Re: Best practices for identifying students Hugh Burley (Sep 07)
- Re: Best practices for identifying students WALTER KERNER (Sep 07)
- Re: Best practices for identifying students Jones, Mark B (Sep 07)