Verification of Student Identity in Distance Education

Tags infosec

The purpose of this policy is to ensure that Saint Peter's University operates in compliance with the provisions of the United States Federal Higher Education Opportunity Act (HEOA) and other applicable regulations concerning the verification of student identity in distance learning.

This policy applies to all credit-bearing distance learning courses and programs offered by Saint Peter's University, beginning with the application for admission and continuing through to a student’s graduation, transfer, or withdrawal from study.

All credit-bearing courses and programs offered through distance learning methods must verify that the student who registers for a distance education course or program is the same student who participates in and completes the course or program and receives academic credit.  The method for such verification is the University secure login (username) and password.   Login credentials are stored in an encrypted database and can only be updated by the student him/herself or an authorized IT administrator.

Students have the option to add multi-factor authentication to their login credentials, but unlike faculty and administrators are not required to do so.  Students are required to change their password at least once every 180 days and must follow the password complexity requirements listed below.

  • must be between 8 and 14 characters in length
  • must include at least one upper case letter, one lower case letter, and one number (e.g., blUebell36), and
  • must not include the student's name

The University’s Distance Learning policy requires that all courses be developed and run in the University’s instance of Blackboard Learn. No other course delivery software packages are allowed. 

Students are responsible for maintaining the security of their ID’s and passwords. Access credentials may not be shared or given to anyone other than the student to whom they were assigned to for any reason. Students are responsible for any and all uses of their account. Students are responsible for changing passwords periodically to maintain security. Students are held responsible for knowledge of this information, which is contained within the most recent University Catalog as well as the Student Handbook. Failure to read University guidelines, requirements and regulations will not exempt students from responsibility.

Users must not attempt to disguise their identity, the identity of their account or the machine that they are using, when using university IT resources. Use of technology to conceal one’s identity, such as masking an IP address or using VPN technology for anonymity, is forbidden.

Personally-identifiable information collected by the university may be used, at the discretion of the institution and in compliance with applicable state and federal laws, as the basis for identity verification.  For instance, a student requesting that their learning system password be reset may be asked to provide two or more pieces of information for comparison with data on file, or may be subject further identity verification through Office of Information Technology Services procedures.

Students must provide complete and true information about themselves in any identity verification process, in accordance with the Student Handbook.

Faculty teaching courses through distance education methods must ensure that their individual courses comply with the provisions of this policy.  Faculty must inform the Office of the Provost of any new technologies being used to verify student identity, so that published information on student privacy can be maintained appropriately, and so that that the university can coordinate resources and services efficiently.

Deans and directors of college-level units shall ensure that faculty comply with this policy and its provisions. Deans and directors shall ensure that academic awards and degree programs within their units comply with the provisions of this policy.

The Office of the Provost shall ensure university-wide compliance with the provisions of this policy and shall ensure that deans and directors are informed of any changes in a timely fashion.

The Office of the Provost shall publish university-wide information on how identity verification processes protect student privacy. The Office of the Provost shall coordinate and promote efficient use of university resources and services and shall ensure that university level processes (e.g., admissions or registration) also remain in compliance with this policy.

Should a student forget her/his password the Office of Information Technology provides a secure self-service password reset system which relies on either challenge questions and answers previously established by the student or verification of secure non-public student information.   If a student needs an authorize IT itemisation to help with a password reset they must provide external verification of identity using one of the methods listed below.

  • University issued OneCard with photo matching the student's appearance (in person or via video conference)
  • A government issued photo ID such as a driver's license or passport

Violators of this policy may have access reduced or revoked.

Approved by IT Governance Committee on 09-20-2022