Re: Security with students entering own data?
Date: 1996/03/20
Message-ID: <4iq224$69b_at_linus.mitre.org>#1/1
In article <4ip26d$jc_at_ratatosk.uio.no>,
Torfrid Leek <torfridl_at_ulrik.uio.no> wrote:
>anybody whose "person number" they might pick up somewhere, changing other
>people's addresses etc - in short, how can we authenticate them?
>So far we have come up with the idea of mailing them usernames and passwords
>with their admission letters - but we are told the vast majority of students
>do not read their mail and do not bring the required documentation.
>
>I would be interested to know if anybody is addressing similar issues, and how.
An imperfect solution:
Create a password using semi-confidential info that you already know about the student. In the US, most college applications ask for the students social security number, and most students (stupidly, I think) provide it. So, in a US context I'd suggest something like
PPPPMMDDSSSS where
PPPP = last four digits of home phone number MMDD = month and day of birth SSSS = last four digits of social security number
If you combine this with a requirement that passwords be changed on first logon, you might have something reasonably useful.
>In principle this is no different from letting them make a phone call to the
>student office to update this information.
Do you not "authenticate" them in that context? Or do you just assume the voice on the end of the phone is who it says it is? Received on Wed Mar 20 1996 - 00:00:00 CET