| PublicationDate: 11/6/98 Summary: TIV WAN Authenticators Author: CPS - Central Processing System (CPS) Posted November 6, 1998 To: TIV WAN Destination Points From: U.S. Department of Education Re: TIV WAN Authenticators I understand that some financial aid officers are concerned about the new procedures for authenticating users of the Title IV Wide Area Network (TIV WAN). These procedures will protect the privacy of students, not invade the privacy of TIV WAN users. Recently, the Department undertook a security review of TIV WAN, as required every three years under the Computer Security Act of 1987. The review found that, to protect the privacy of student data in full compliance with the Privacy Act, the Department must strengthen its authentication of TIV WAN users' identities. The Department is ultimately responsible for authenticating TIV WAN users before providing access to students' private data (i.e., over 30 million NSLDS student and borrower records). In response to this security report, we have implemented a new procedure in Title IV WAN to authenticate users through their date of birth, social security number, and mother's maiden name. We will not check the authenticity of mothers' maiden names, because the purpose of this data is simply to authenticate users in the case of resetting the passwords for TIV WAN ID numbers. If we discover that a TIV WAN user has a defaulted student loan, we will attempt to collect that loan. However, we will not disallow loan defaulters from accessing TIV WAN on that basis alone. I hope this information addresses your concerns. Jerry Russomano Director, Program Systems Service |