Password Registrar, What is a password registrar?

This page contains information on the rights and responsibilities of a password registrar.

A Password Registrar is an individual who has been authorized (by a department head, college dean, or the Technology Services Help Desk) to generate a password reset token for other customers.

The Registrar's ability to generate password tokens can be limited in a variety of ways, including particular groups (only people within the Registrar's department, for example), times of day (such as weekday mornings only), or even particular machines (such as the Registrar's computer only).

Requirements

A Password Registrar is responsible for upholding the University's Appropriate Use Policy and respecting the privacy of users.

A Password Registrar must be especially aware that passwords associated with an individual's network IDs and computer logins must not be shared. Compromised passwords may affect not only the individual, but also other users on campus or on the Internet.

In brief, the Password Registrar must agree to the following:

  1. To generate a password reset token only by explicit request of the owner.
  2. To generate a password reset token only after positively confirming the owner's identity, preferably by a University of Illinois photo ID.
  3. To never reveal a NetID password to others.
  4. To maintain a secure machine for Password Registrar functions: physically secure against unauthorized access and electronically secure by the timely application of patches.
  5. To maintain the security of his or her NetID passwords.
  6. To never use someone else's password to gain access to accounts or services.

A Password Registrar must reapply for Registrar status every year if he or she continues to require access.




Keywords:registrar   Doc ID:53575
Owner:Security S.Group:University of Illinois Technology Services
Created:2015-07-02 11:25 CDTUpdated:2017-04-10 13:42 CDT
Sites:University of Illinois Technology Services
Feedback:  1   0