Re: Security with students entering own data?

From: David K Black <dblack_at_mbunix.mitre.org>
Date: 1996/03/20
Message-ID: <4iq224$69b_at_linus.mitre.org>#1/1

In article <4ip26d$jc_at_ratatosk.uio.no>, Torfrid Leek <torfridl_at_ulrik.uio.no> wrote:
>anybody whose "person number" they might pick up somewhere, changing other
>people's addresses etc - in short, how can we authenticate them?
>So far we have come up with the idea of mailing them usernames and passwords
>with their admission letters - but we are told the vast majority of students
>do not read their mail and do not bring the required documentation.
>
>I would be interested to know if anybody is addressing similar issues, and how.

An imperfect solution:

Create a password using semi-confidential info that you already know about the student. In the US, most college applications ask for the students social security number, and most students (stupidly, I think) provide it. So, in a US context I'd suggest something like

PPPPMMDDSSSS where

PPPP = last four digits of home phone number
MMDD = month and day of birth
SSSS = last four digits of social security number

If you combine this with a requirement that passwords be changed on first logon, you might have something reasonably useful.

>In principle this is no different from letting them make a phone call to the
>student office to update this information.

Do you not "authenticate" them in that context? Or do you just assume the voice on the end of the phone is who it says it is? Received on Wed Mar 20 1996 - 00:00:00 CET

This message: [ Message body ]
Next message: Lance Evans: "Re: Oracle-Java-Web"
In reply to Torfrid Leek: "Security with students entering own data?"
Next in thread: Jon Finke: "Re: Security with students entering own data?"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message