Main Nav

Greetings,

Here at Massachusetts College of Art and Design we’re looking to implement a form of self-service account claiming process. Currently we disseminate initial account information to our users via postal mail with their username and starting password included. We would like to stop sending out mail and instead direct our new users to visit a website enter certain info about themselves to claim their account. We have the capability of pre-populating new users information in our question and answer password reset tool but we are uncertain of what would be the most suitable identifying information to use. Common pieces of info used by other institutions are typically a combination of last 4 digits of SSN, DOB, ID number and name, but we’re wondering what other schools are using and what works best for our higher ed counterparts.

If any of you are using some form of account claiming methodology – what information are you requiring users to provide to validate their identity?

 

Thanks,


Sam Dolph

Technology

MassArt

 

 

 

********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

Comments

Sam,

 

Our account management system has what we call a “starter kit” which allows students to create their initial accounts. We require that they know their 10 digit university ID, which is included in their admission letter. For employees, the ID is issued by HR.

 

IU Knowledge Base “How do I get my first computing accounts at IU?” - http://kb.iu.edu/data/achn.html

IT Accounts Starter Kit - https://ams.iu.edu/skit/SkitMain.aspx

 

 

Message from sdkrahn@northcentral.edu

We too have observed that many schools use SSN, DOB, school ID, etc. in these kinds of systems. However that appears inconsistent with some parts of the U.S. FERPA rules. For example, the following statements can be found in http://www2.ed.gov/legislation/FedRegister/finrule/2008-4/120908a.pdf: "The regulations in § 99.31(c) require educational agencies and institutions to use reasonable methods to identify and authenticate the identity of ... students.... The use of widely available information to authenticate identity, such as the recipient's name, date of birth, SSN or student ID number, is not considered reasonable under the regulations." "We assume that educational agencies and institutions that require users to enter a secret password or PIN to authenticate identity will deliver the password or PIN through the U.S. postal service or in person." Is anyone aware of any other resources that clarify what methods are allowed for authenticating students? Steve Krahn Information Technology Department North Central University sdkrahn@northcentral.edu 612-343-4750 ------------------------------------------------------------------------------------
Close
Close


Annual Conference
September 29–October 2
Register Now!

Events for all Levels and Interests

Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.

Close

Digital Badges
Member recognition effort
Earn yours >

Career Center


Leadership and Management Programs

EDUCAUSE Institute
Project Management

 

 

Jump Start Your Career Growth

Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.

 

Close
EDUCAUSE organizes its efforts around three IT Focus Areas

 

 

Join These Programs If Your Focus Is

Close

Get on the Higher Ed IT Map

Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.
 

 

Close

2014 Strategic Priorities

  • Building the Profession
  • IT as a Game Changer
  • Foundations


Learn More >

Uncommon Thinking for the Common Good™

EDUCAUSE is the foremost community of higher education IT leaders and professionals.