Student Account Management

[PEO]

Hi gang, Me and my Bro have been working on a project for my school and I would like to show you all some screen shots.

Basically the way I have the system setup at my school is we store all the student username and passwords on a spread sheet. One of the most demanding jobs if dishing out username and passwords to students who have forgotten after a summer break etc.

So what I intend to do is allow staff access to the student username passwords through a secure webpage, which means this lowers the number of kids at my door asking for account information, stops students form going for a wonder in the corridor, and if you are like me and dont know half the kids names by face then this will improve student account security.

to access the system staff have to enter there network username/passwords followed by a secret word of the week or day which only staff will know.

from here they then select the students year of intake and then select the student name. this then does a search of the database and presents the username password to the teacher.

The system is set to time out (which is set in the admin control pannel) no matter if the teacher is using it or not the system will time out and prompt for a login on next request.

The system will have security logs of who logged in stamped by a date and time. this is just a small part of whats been done.

plans after the first release is...

creation of student accounts
access to student account work space
and any other suggestions from edugeek members.

Like I say this is just some brief screen shots as we are still developing it.

Cheers

Kev

[PEO]

ps this will be available hopefully to edugeek, but I would like some people to help with beta testing

[FN-GM]

We just delegated rights so certain staff can reset and unlock locked out accounts then made a custom MMC

[PEO]

We just delegated rights so certain staff can reset and unlock locked out accounts then made a custom MMC

We have a system in place to enable and disable accounts, every school is diffrent

[PEO]

come to think of it we will be looking at enabling and disabling accouts too

[FN-GM]

Sorry that you say reset passwords and unlock locked out accounts

[Sylv3r]

I'm not sure how comfortable with unencrypted access to student passwords - I think it would make more sense if staff can change passwords only and not be able to view existing passwords.

I take it staff can not see other staff passwords?

I may have got the above wrong, but the project looks good from the screenshots.

[PEO]

I'm not sure how comfortable with unencrypted access to student passwords - I think it would make more sense if staff can change passwords only and not be able to view existing passwords.

I take it staff can not see other staff passwords?

I may have got the above wrong, but the project looks good from the screenshots.

Hi, no Teachers can not view one anothers username passwords The word of the day/week can be changed from the admin dashboard, which is an additional password to the teachers username password. I think this is more secure than allowing a teacher acces to resetting a students username and password. Pluss this has a time out on it.

We will be looking at encryption soon. for now we are just starting small and going from there

[budgester]

So are you doing lookup against LDAP or Active Directory ?

I always think the the best way is to reset the students password. Rather than being able to view the existing one.

I think reset the password to something generic and set the "change password on next login" is best strategy. This then allows the students to know that there account is secure.

I really don't like the idea of sharing passwords, most people use the same password for multiple accounts i.e hotmail, facebook etc. Do we really want teachers knowing these ? It could cause all sorts of issues.

[PEO]

So are you doing lookup against LDAP or Active Directory ?

I always think the the best way is to reset the students password. Rather than being able to view the existing one.

I think reset the password to something generic and set the "change password on next login" is best strategy. This then allows the students to know that there account is secure.

I really don't like the idea of sharing passwords, most people use the same password for multiple accounts i.e hotmail, facebook etc. Do we really want teachers knowing these ? It could cause all sorts of issues.

Hi

our username password policy is very strict to the point where they tend to forget the login info I don't like the idea of giving the teacher rights to setting a password.

Eventually we will have the sytem setup with ldap which will work best for most schools and allow the systems administrator the ability to allow the teacher to enable doable and change passwords. Right now we are building a secure cms. Like I say first draft and ideas are most welcome

[Edu-IT]

I don't like the idea of giving the teacher rights to setting a password.

Just out of interest, why?

[DaveP]

I always think the the best way is to reset the students password. Rather than being able to view the existing one.

I agree.

I always tell staff [and students] that we do not know what their current passwords are set at and that we cannot find out what they are. I would not like staff and students to pressure our Network Support Department to deploy a solution which would show what current passwords are set at. The potential for confidentiality breach and all that follows does not bear thinking about. I would not supply a solution on a network that I am responsible for which would allow for the decode of any users' current password.

This is just how I feel. If others disagree I am sorry.

[FN-GM]

I agree to, surely resetting a password is allot more secure than viewing it.

[rosswilson]

Just out of interest ... how does your system know the user's password? I was under the impression that AD passwords used one way encryption.

Does your system therefore just store a separate list of user's passwords (much in the same way as the spreadsheet method)? If it does, when a user changes their password (for example at the "change password on next login" prompt, how does your system stay in sync?

Kind Regards,

Ross

[Nick_Parker]

Sorry, a bit off topics, what are you using to write your web interface? ASP.Net?