Conferences & Events
Events for all Levels and InterestsStay
Jump Start Your Career GrowthStay
Get on the Higher Ed IT MapStay
Uncommon Thinking for the Common Good™Stay
I have a question regarding a very large third party CRM vendor. As expected, the vendor allows users (leads/applicants) to set up password-protected accounts to enter in general and sensitive information about themselves and eventually use this and additional information to submit an application to the institution. We (Tech staff) have recently learned that the user passwords are stored in clear text, and are available to the employees in admissions who work on the system.
We have asked about encrypting the passwords, and the vendor has told our folks that no one else in higher education is encrypting passwords and that it would be difficult, leading our admissions/enrollment management folks to question whether or not this is a “best practice”. I think it is simply being prudent, and that there is no reason for anyone to know another persons’ authentication credentials. What are your thoughts? Is this over-the-top security?
Chief Information Officer
1001 Rogers Street
Columbia, MO 65216