Student Authentication in Higher Education: Active Authentication


Welcome to the second entry in our 3-part series about student authentication and the implications for higher ed. Over the next few days, we will be looking at three distinct areas that institutions of higher learning are having to examine more closely: Authorized Access, Active Authentication, and Assessment Auditing. All three are critical in efforts to ensure academic integrity.

Active Authentication

Many persons who are trying to lose weight need some accountability to someone else to ensure that they are consistently doing the right things.  That accountability could come from their parents, a friend, a doctor or maybe a fitness coach.  Higher education institutions have two organizations that require accountability from them – the federal government and accrediting agencies.

The federal government is very interested in knowing that the student they provide federal funding to in the form of grants and loans is the same student who is receiving the education. However, like a friend who gives you partial advice for losing weight, the federal government’s requirements are lacking when it comes to a school doing everything it can to foster a culture of academic integrity.

The federal government provided this guidance in the United States Federal Higher Education Opportunity Act (HEOA) of 2008, Public Law 110-315, concerning the verification of student identity in distance learning.  Part H states:

Requires institutions that offer distance education or correspondence education to have processes in place through which the institution establishes that the student who registers in a distance education or correspondence education course or program is the same student who participates in and completes the course or program and receives the academic credit. The agency meets this requirement if it—

1. Requires institutions to verify the identity of a student who participates in class or coursework by using, at the option of the institution, methods such as:
   a. A secure login and pass code;
   b. Proctored examinations; and
   c. New or other identification technologies that are effective in verifying student identification; and
2. Makes clear in writing that institutions must use processes that protect student privacy and notify students of any projected additional charges associated with the verification of student identity at the time of registration or enrollment.

Just as there are often weaknesses in advice given for losing weight, in my opinion, the following weaknesses exist in this guidance from the federal government: (1) the regulation applies only to distance education or correspondence courses, (2) the regulation mentions the action when a student “participates in” such courses, but compliance with such participation is not measured by the minimum acceptable authentication strategy of usernames and passwords, and (3) no further guidance has been provided on this matter since 2008.

Applying only to distance education and correspondence courses substantially limits the effectiveness of the regulation in fostering a culture of academic integrity, which is the ultimate goal. It is more difficult when only one person in a family is trying to lose weight. It also does not seem fair, and creates what some consider a “double standard”, when distance education and correspondence courses are held to a higher standard than on-campus courses. Many students who enroll in distance education courses also take on-campus courses and/or hybrid courses, so they may experience inconsistency in standards and expectations. For an institution to foster a culture of academic integrity, such regulations ideally should be imposed enterprise-wide. When students experience consistent policies and expectations regarding academic integrity across all of their courses, regardless of the delivery system, they are more likely to inculcate these principles into their personal and professional lives.

“Participating in” the course is included as a requirement of the regulation, yet this facet is not appropriately regulated by the minimum strategy of requiring a username and password. As stated above, these login credentials are appropriate for authorizing access, but they are not appropriate for determining if that same student is the one “participating in” the course. The federal government wants to ensure that the student they loan the federal financial aid to is the student who is actually learning from (“participating in”) the course. With the way the regulation is stated, a school is in compliance if it uses just one of three options: secure login, proctored exam or some other new identification technology. Many schools are meeting the letter of the law by using just usernames and passwords. But in doing so they are missing the real intent of the regulation and are not ensuring that the student who logged into the course is the same student who is engaging in the course activities. What is needed is one of the “new identification technologies” that the regulation mentions.

The federal government had the foresight to recognize that, as education technology evolves, new identification technologies would emerge that did not exist in 2008 when the regulation was authored. So, they allowed for the use of these emerging technologies to meet the requirements of this regulation.

SmarterID is a new, emerging technology that vastly improves the process that most schools are using to meet this federal regulation.

At the time of enrollment, when the student’s identity is verified, an official image of that student is stored in SmarterID. Next, at institutionally determined events in the instructional delivery, the student is prompted to position their face in a box on the screen and simply click a button to take a photo. That photo is matched against the official photo stored in SmarterID using facial recognition technology. If the images match, the second photo is erased and the student’s participation in the course is documented. If the images do not match, an anomaly report is provided to the instructor and/or their administration.

Schools and/or their faculty can determine the frequency and placement of these authentication prompts. Concerns regarding interrupting the student are mitigated by placing the authentication prompts at course events for which cognitive load is at a minimum. Examples include when a student clicks the submit button after composing a discussion board post or when opening an assignment link. Concerns about privacy are mitigated because the student is instructed to place their face in the photo window in a manner that minimizes background content in the image. The majority of the image is their face.

In addition to the facial recognition factor, SmarterID will also evolve to be able to verify user consistency using data such as IP addresses, geo-tracking, keystroke analytics, cookie tracking and computing device name. Students exhibit usage patterns, typically logging into their courses consistently using the same devices (computer, phone, tablet). They also typically connect from consistent locations such as their home, workplace, school, or a public place with free wifi such as a coffee shop. As SmarterID evolves, it will be able to detect anomalies from such patterns. For example, if a student logs in from one of those typical locations for ungraded coursework, but a graded assignment or exam is submitted from a different IP address, this could be an indicator that another individual is submitting the graded work for the student.
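
The consistency check described above can be sketched as follows. This is an added example, not SmarterID's implementation: the event fields, the /24 and /64 network grouping, and the `min_history` threshold are all assumptions made for illustration, and the events are constructed sample data.

```python
import ipaddress
from collections import defaultdict

# Constructed sample events. Field names are assumptions, not a SmarterID schema.
EVENTS = [
    {"student": "s1001", "activity": "reading-1", "ip": "198.51.100.23", "device": "LAPTOP-A", "graded": False},
    {"student": "s1001", "activity": "forum-2", "ip": "198.51.100.40", "device": "LAPTOP-A", "graded": False},
    {"student": "s1001", "activity": "video-3", "ip": "203.0.113.9", "device": "PHONE-A", "graded": False},
    {"student": "s1001", "activity": "quiz-1", "ip": "198.51.100.77", "device": "LAPTOP-A", "graded": True},
    {"student": "s1001", "activity": "final-exam", "ip": "192.0.2.50", "device": "DESKTOP-X", "graded": True},
    {"student": "s1002", "activity": "reading-1", "ip": "203.0.113.80", "device": "TABLET-B", "graded": False},
    {"student": "s1002", "activity": "quiz-1", "ip": "203.0.113.80", "device": "TABLET-B", "graded": True},
]

def net_of(ip):
    """Collapse an address to its /24 (IPv4) or /64 (IPv6) network, so address
    churn inside one home or campus range does not look like a new location."""
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 64
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)

def build_baseline(events):
    """Per-student networks and devices seen on ungraded coursework."""
    base = defaultdict(lambda: {"nets": set(), "devices": set(), "n": 0})
    for e in events:
        if not e["graded"]:
            b = base[e["student"]]
            b["nets"].add(net_of(e["ip"]))
            b["devices"].add(e["device"])
            b["n"] += 1
    return base

def flag_graded_anomalies(events, min_history=3):
    """Return (student, activity, reasons) for graded events outside the baseline."""
    base = build_baseline(events)
    findings = []
    for e in (e for e in events if e["graded"]):
        b = base.get(e["student"])
        if b is None or b["n"] < min_history:
            # Too little ungraded history to judge: report it rather than guess.
            findings.append((e["student"], e["activity"], ["insufficient_history"]))
            continue
        reasons = []
        if net_of(e["ip"]) not in b["nets"]:
            reasons.append("new_network")
        if e["device"] not in b["devices"]:
            reasons.append("new_device")
        if reasons:
            findings.append((e["student"], e["activity"], reasons))
    return findings
```

A finding is only an indicator for human review, as the text says; a student who travels or replaces a laptop produces the same signal.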

No further guidance has been provided by the federal government since 2008, but this silence should not be interpreted to mean that they are no longer concerned. With more than $150 billion in student aid distributed each year by the federal government, student aid has become a target for identity fraud. According to the Department of Education, from 2009 to 2012 $187 million of federal student aid was lost to identity fraud, and the amount increased to $200 million from 2011 to 2014.

When SmarterID is used as a “new authentication technology”, the school is not only further in compliance with this regulation than it was with just username and password, but it is also taking a proactive step toward fostering a culture of academic integrity. When a school implements SmarterID enterprise-wide, it is taking a holistic, fair approach to promoting academic integrity.

The recommended strategy is for a school to use, enterprise-wide, usernames and passwords to ensure authorized access, SmarterID to ensure active authentication, and proctored exams to provide assessment auditing.

SmarterID serves as a multi-factor, multi-instance authentication that is secure, robust, intuitive, enterprise-wide and protects the student’s privacy.
