Main Nav


Here at Massachusetts College of Art and Design we’re looking to implement a form of self-service account claiming process. Currently we disseminate initial account information to our users via postal mail with their username and starting password included. We would like to stop sending out mail and instead direct our new users to visit a website enter certain info about themselves to claim their account. We have the capability of pre-populating new users information in our question and answer password reset tool but we are uncertain of what would be the most suitable identifying information to use. Common pieces of info used by other institutions are typically a combination of last 4 digits of SSN, DOB, ID number and name, but we’re wondering what other schools are using and what works best for our higher ed counterparts.

If any of you are using some form of account claiming methodology – what information are you requiring users to provide to validate their identity?



Sam Dolph






********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at




Our account management system has what we call a “starter kit” which allows students to create their initial accounts. We require that they know their 10 digit university ID, which is included in their admission letter. For employees, the ID is issued by HR.


IU Knowledge Base “How do I get my first computing accounts at IU?” -

IT Accounts Starter Kit -



Message from

We too have observed that many schools use SSN, DOB, school ID, etc. in these kinds of systems. However that appears inconsistent with some parts of the U.S. FERPA rules. For example, the following statements can be found in "The regulations in § 99.31(c) require educational agencies and institutions to use reasonable methods to identify and authenticate the identity of ... students.... The use of widely available information to authenticate identity, such as the recipient's name, date of birth, SSN or student ID number, is not considered reasonable under the regulations." "We assume that educational agencies and institutions that require users to enter a secret password or PIN to authenticate identity will deliver the password or PIN through the U.S. postal service or in person." Is anyone aware of any other resources that clarify what methods are allowed for authenticating students? Steve Krahn Information Technology Department North Central University 612-343-4750 ------------------------------------------------------------------------------------

Annual Conference
September 29–October 2
View Proceedings

Events for all Levels and Interests

Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.


Digital Badges
Member recognition effort
Earn yours >

Career Center

Leadership and Management Programs

EDUCAUSE Institute
Project Management



Jump Start Your Career Growth

Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.


EDUCAUSE organizes its efforts around three IT Focus Areas



Join These Programs If Your Focus Is


Get on the Higher Ed IT Map

Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.



2015 Strategic Priorities

  • Building the Profession
  • IT as a Game Changer
  • Foundations

Learn More >

Uncommon Thinking for the Common Good™

EDUCAUSE is the foremost community of higher education IT leaders and professionals.