All Daemen account information including usernames and passwords is stored centrally on our Active Directory server. The communication between our portal website (MyDaemen) and Active Directory is secured with an SSL certificate. This helps to ensure all communications between the systems remains secure. All servers including Active Directory are protected with Malwarebytes Endpoint Protection, which is an Enterprise class antivirus/malware program. All servers are patched periodically with the latest Microsoft/Linux Security patches.
The Office of Information Technology’s process to create usernames starts after the Admissions Department denotes that the student is in a “registered/student” state. Information Technology personnel review daily reports that list any and all student accounts recently moved to a “registered/student” state. The reports are then compared against our current list of users looking for duplication. After ruling out any duplicates and or misspellings, all accounts are created and added to the correct corresponding email lists. Each account is assigned a unique, random temporary password. The accounts are then active and ready for the student to choose their own password upon first login.
The Password Lookup webpage is secured using an SSL certificate. Located on the Daemen website, this webpage allows students to lookup their account and reset their password. To uniquely identify students, each student is required to provide their date of birth and the last four digits of their social security number. Once the information is validated through the webpage, the student is required to reset their account password to one of his/her own choosing. The password needs to meet our minimum password strength requirement:
All individuals accessing the College’s technology systems and network are bound by our Acceptable Use Policy, as outlined in the Student Handbook and on the College’s website.
The Acceptable Use Policy explicitly states:
“Accounts on College servers are issued to individual users, and are not transferable. The person to whom an account is granted is responsible for all use of that account. Sharing an account or password is not permitted, and users are required to take reasonable steps to ensure the security of their account. Making computing resources available to non-authorized users in any other manner is not permitted.”
Ensuring Student Identity Verification in Distance Education Courses
The aforementioned authentication credentials are used to secure and verify access to most Daemen technology systems including our Learning Management System (Blackboard), our Student Information System (Ellucian WebAdvisor), our web portal (MyDaemen), our print management system (PaperCut), and our email and calendaring platform (Google Apps).
Daemen College students register for all courses by using their authentication credentials to access the online registration utilities within Ellucian WebAdvisor. Those same credentials are required to access the Learning Management System and most other technology systems.
Protection of Student Privacy
Family Education Rights and Privacy Act (FERPA)
Parents with the right to review or inspect their children’s education records as granted by FERPA are directed to contact the Registrar’s Office to obtain the information requested.
Student Record Access
All confidential student records are stored in our Student Information System (Ellucian Colleague). Select College administrators have access to institutional data stored in this system. The system is accessed through a web interface protected by an SSL certificate (Thawte 2048 bit SSL Certificate) and personnel use their Active Directory authentication credentials to gain access.
Students have access to only their own student records. They access their information stored within our Student Information System (Ellucian Colleague) by utilizing the Ellucian WebAdvisor platform. WebAdvisor is protected by an SSL certificate and students use their Active Directory authentication credentials to gain access.
Resetting Student Passwords
Students are allowed and encouraged to reset their passwords often. The password reset tool is a website available on the MyDaemen portal. The password reset tool prompts the user logged in to MyDaemen to re-enter their current password, and then to choose and confirm a new password. All passwords must meet our minimum password strength requirement:
- is at least 10 characters long
- not a dictionary word
- contains numbers and letters (upper and lower case)
- contains characters such as &, *, $, @, <, -, +, or !
If our email systems administrators are notified that an account may have been compromised, they immediately lock access to the student’s account. After locking the account, they then check it for any settings that may have been changed without the student’s knowledge. If changes are found, we correct the settings before allowing the student to reset their password and regain access to their account.
Additional Charges Associated with Student Identity Verification
Daemen College does not assess any additional charges associated with student identity verification procedures such as proctoring fees.
Consistent Application of Student Identity Verification Procedures
The Office of Information Technology (OIT) is responsible for the consistent application of student identity verification procedures. This policy and procedures are reviewed annually by the OIT in August.