Campus ID News
Card, mobile credential, payment and security
FEATURED
PARTNERS


University says yes, researchers suggest caution

Andy Williams, Associate Editor, Avisian Publications

Keeping a university’s computer system secure from outside hackers is only half the battle. Securing the thousands of student computers that log into campus networks on a daily basis is the other half. Protecting the university’s network is an around-the-clock challenge.

The most common way to secure computers and networks is the oft-maligned password. But can passwords be secure? “Yes, if you don’t have any users,” jokes Jacob Farmer, manager of ID Management Systems at Indiana University.

Since 2006 Indiana University has been fighting this battle with a different solution: the passphrase. This is what the school requires its students to use when connecting to the network, a transaction that happens some 100,000 times each day.

The idea of a pass phrase isn’t new. In 2004, Jesper M. Johansson, security program manager at Microsoft Corp., wrote a paper describing the benefits and drawbacks of passphrases. He wrote that passphrases “are coming into vogue for a number of reasons, one being the development of tools that can crack many passwords in minutes.”

He cautiously concluded that pass phrases were indeed more reliable than passwords but they were also saddled with some disadvantages. For example, if the pass phrase is lengthy and you’re not a good typist you could have problems entering the phrase.

“While no one can conclusively answer the question of whether passphrases are stronger than passwords, math and logic appear to show that a five- or six-word passphrase is roughly as strong as a completely random nine-character password,” Johansson wrote. “Since most people are better able to remember a six-word passphrase than a totally random nine-character password, pass phrases seem to be better than passwords.”

That’s one of the reasons Indiana University moved towards pass phrases. “Passwords weren’t strong enough and were cumbersome for users to type,” explains Andrew Korty, Indiana University’s information security officer. “A passphrase is stronger and is more like the sentences people type all the time.”

Johansson agrees. “Certainly a pass phrase of nine words is stronger than a password of nine characters but if you can’t type that many words accurately, it is much worse,” he wrote. “In addition, if the user mouths the pass phrase while typing it, little has been gained.”

Selecting strong passphrases core to IU learning

But one of the strongest arguments in support of passphrases is that they’re easier for users to remember. “If you agree that passphrases are easier to remember, use them,” Johansson says. “You will not be worse off than if you use passwords.”

Before a student logs into Indiana’s system for the first time, the school’s GetConnected Web site helps set up a university account. “The site will configure a student’s computer so it can meet our network and security standards,” says Farmer. “It provides them with a fairly comprehensive package to help them get off on the right foot from a security prospective.”

It also helps the student establish a pass phrase. Each phrase must contain between 15 and 127 characters. It must include at least four unique characters–letters, numbers, or symbols–and contain at least four words. A word must contain two or more distinct letters separated by one or more spaces or other non-letters, not including numbers or the underscore character ( _ ).

For example, “little pink houses-4unme” contains four words and is a valid pass phrase. On the other hand, the phrase “Hoagy_carmichael plays123stardust” only contains two words so would not be valid. Because a pass phrase can be quite lengthy, it becomes more difficult for a hacker to crack, explains Farmer.

Pass phrases cannot contain the student’s name or username, use the @ sign, the number sign (#) or double quotes. It cannot be a common phrase, such as “to be or not to be” or “April showers bring May flowers.”

Finally, the pass phrase should not be based on predictable patterns, such as the alphabet (abc … ) or the keyboard (qwerty). And of course, like passwords, pass phrases are case sensitive, says Farmer.

Students and staff are required to change their pass phrase every two years and it is used to access all IU accounts, including email.

HID Global launched its enhanced FARGO HDP5000 High Definition Printer/Encoder. Featuring the company’s fifth generation of High Definition Printing technology, the enhanced HDP5000 now includes an expanded feature set and is marketed toward government, corporations and universities looking to produce IDs requiring color printing, card encoding and holographic security features on different technology cards.

The HDP5000 printer/encoder features a new and brighter OLED graphical display that is capable of displaying a wide variety of different languages for use in emerging and mature markets throughout the world. For increased productivity, the HDP5000 also features increased card throughput speeds of up to 150 cards per hour and includes an optional dual card input hopper enabling for automatic switching between two different card types.

Security is also enhanced with AES256 encryption and an option to erase data from resin print ribbons after a card has been printed. On the GSA list for FIPS 201 Approved Products, the HDP5000 is designed to help federal agencies comply with emerging federal secure identification directives and standards such as FIPS 201.

For more than 14 years, a range of customers has used High Definition Printing technology worldwide:

CBORD released CBORD Mobile ID, a smart phone app that puts a campus card into the handset. Students can then use their phones for access, vending, attendance and other secure transactions on campus.

CBORD Mobile ID works with both iOS and Android systems. Students can download the app through Apple’s App Store or Google Play. With the app, their phone becomes their card, and they can use it by selecting or entering the location for their desired transaction or access point and then swiping the card icon on the phone to complete the transaction.

The system works with Squadron online locks from HID, Ingersoll Rand and CBORD, as well as keypad-enabled Assa Abloy IP Series locks by entering a one-time use code at the lock.

The app approves transactions after confirming through location services that the user is within a certain distance of the terminal in question. If a phone is lost or stolen, the user can report it like they would a lost card, which will disable to CBORD app running on the phone.

CBORD Mobile ID is available to schools that use CBORD’s CS Gold campus card system.

Georgetown University’s student ID gives its student body access to a number of discounts at retailers ranging from restaurants to yoga studios.

As the Georgetown Wicket reports, students can take advantage of these deals anytime, but with midterms currently looming large a late night snack or exercise session may be just the ticket to sooth the nerves.

The student ID can be used at the Georgetown Chipotle where students get a free soft drink with the purchase of any burrito. Not to be outdone, burrito maker Qdoba has also joined in on the discount fun offering student night every Monday between 2 and 8 p.m. where students get 50% off their first meal and beverage.

However, food discounts on the card are not limited to national chains as local pie shop, Pie Sisters is currently working to make student deals available.

For those students on a full stomach, the Georgetown ID can be used for exercise deals as well. Down Dog Yoga offers a vinyasa yoga class for $12— $6 less than patrons paying without a student ID.

Deals and discounts are a great way to appeal to the cash-strapped and thrifty college student, and may well help to garner student support for school ID systems.

ITC Systems introduced a new software support program that will give customers access to technical support around the clock all year so they can ensure their ITC Systems equipment is always functioning at full capacity.

The new program means customers will experience virtually no break in revenue generation capabilities and can continue supplying their own customers with the high level of service they expect and deserve.

ITC Systems is a supplier of card-based transaction control devices and related software systems. Founded more than 20-years ago, the company provides universities and other institutions with a range of solutions for vending, copying and printing.

The company’s Premium Support Software program minimizes any potential downtime by giving ITC Systems customers access to fully trained technical support representatives any time of the day or night, 365 days a year.

Blackboard Transact has expanded its campus security offerings through a partnership with S2 Security to offer schools and universities more physical security capabilities.

S2 Security, a manufacturer of IP-based physical security and video management systems, will integrate selected NetBox products into the Blackboard Transact platform to enable intuitive browser and mobile-delivered user interfaces that can be operated wherever there is a network connection. For example, authorized administrators can instantly activate a campus lockdown either on location or remotely, via a mobile phone or tablet.

The new capabilities complement the Blackboard Transact platform’s cloud-based ServicePoint architecture, Web services, and DR series of door readers. The capabilities also leverage Near Field Communication-compatible credentials, including FeliCa and MIFARE, through enabled cards or mobile devices.

The partnership will also enable schools to help protect their current infrastructure investment through the compatibility and potential re-use of Mercury Security hardware.

The announcement was made at Blackboard Spring Training 2013, the annual user conference in Phoenix.

CIDN logo reversed
The only publication dedicated to the use of campus cards, mobile credentials, identity and security technology in the education market. CampusIDNews – formerly CR80News – has served more than 6,500 subscribers for more than two decades.
Twitter

Feb. 1 webinar explores how mobile ordering enhanced campus life, increased sales at UVA and Central Washington @Grubhub @CBORD

Join Jeff Koziol and Robert Gaulden from @AllegionUS as we explore how mobile credentials and proptech are changing on- and off-campus housing.

Load More...
Contact
CampusIDNews is published by AVISIAN Publishing
315 E. Georgia St.
Tallahassee, FL 32301
www.AVISIAN.com[email protected]
Use our contact form to submit tips, corrections, or questions to our team.
©2024 CampusIDNews. All rights reserved.