Authentication and passwords

Authentication confirms that the learner or staff member is who they claim to be. Requirements for issuing a unique identifier are detailed in Rule ENR067[1]. Direct access to an enrolment system or student management system requires a:

• Personal Identification Number or other unique identifier, for example a digital certificate
• password
• confidentiality agreement.

Under Rule ENR066[2] users must choose a password.

• [1]

  Rule ENR067: Electronic enrolment - authentication

  When issuing a unique identifier, the tertiary education organisation must do both of the following:

  • authenticate the unique identifier through a passport or birth certificate when it is first issued
  • ensure the unique identifier is:
  • a minimum length (normally six digits)
  • system generated
  • randomly generated or based on user-supplied information
  • not based on easily accessible information, for example a birthday.
• [2]

  Rule ENR066: Electronic enrolment - security

  Tertiary education organisations (TEOs) are responsible for security regarding learner electronic enrolments, and must specify appropriate security standards for staff and learners. Electronic signatures are acceptable when processes meet the specified level of security.

   

  Example:

  When using an electronic signature the learner uses an authenticated unique identifier and a password, which the learner must choose.