The road to better authentication

Having a good password policy with consistent enforcement is key, says Todd Peterson, IAM Evangelist at Dell Software

This September thousands of students arrived at higher education institutions ready to study. At the same time the IT department was faced with a number of questions: How do you set these students up with passwords? How do you manage the onslaught of inevitable password-related questions from students? And what drive does the student have for keeping their password safe?

Simultaneously the IT department has to deal with password issues from two other user populations: faculty and staff, and alumni. It goes without saying that authenticating your identity when logging onto the university’s systems is vital for all three user populations, especially in an age where universities are a key target for attacks.

Recently, George Mason University had the personal information of over 4,400 individuals breached, and Butler University has warned more than 160,000 students, alumni, faculty, staff, and past applicants that their personal information was exposed during a data breach in 2013. Therefore it is vital that these user populations’ unique authentication needs are addressed in a way that maximises productivity and minimises security risks.

Current students need a simple login process to ensure they frequently use it. One easy way to think about this is to keep the login process as close to their social media experience as possible. However, if they leave the institution, it needs to be possible to restrict their access so that they can no longer reach restricted data.

Faculty and staff have similar needs to employees in any other corporate organisation. They both need and want easy access, but this must be kept specific to their role and all access should be secure and appropriate, in order to maintain security and avoid data breaches.

Alumni, whilst often overlooked, still need limited access. Because of the potential for donations from this population, that access needs to be convenient, while only giving them access to the appropriate materials. In addition, alumni need to be able to access the systems forever, even if they only log in once a year.

For all three of these user populations the need for passwords will not go away, because users reject anything which makes it harder for them to access the material they need. Therefore, for higher education institutions looking to achieve secure authentication, the following top tips are a good starting point.

Having a good password policy with consistent enforcement is key. Institutions should be clear on the policy and outline it to all user populations upfront. Going further, single sign-on is a great option for institutions, as it enables greater security by removing the need for users to write down numerous passwords in order to remember them. It also means that users can be stopped, in one go, from accessing information they no longer need. Alongside this, multifactor authentication is a great way to ensure security. Finally, to truly prevent breaches, institutions should look at authorisation, meaning what people have access to once they have entered the system. Institutions should strictly control what people can access, and this will differ according to which population a user sits in.

Following these tips will mean higher education institutions will avoid potential data breaches and keep end user populations happy.