Authenticating Students in Online Programs

We would like to know what methods the other schools are using for authenticating or verifying the students taking online programs. What methods are you using to verify the person who registered for the course is the one that’s actually taking the course or the exam online, other than username and password? Does anyone use 360 degree camera/web cam to verify students or something else?
Rena Allen
(Indiana University Kelley School of Business)

John Yearwood (Lamar University)
For quizzes I sometimes use the BlackBoard/WebCT feature that lets me specify the IP address for each computer where a student will take the test (or a range of IP addresses). Then I check the students into the lab where the computers are and monitor the quiz. But mostly I try to design online courses that will require lots of individual input in the form of discussions, projects, email queries, and the like. I try to use the technology to generate a better sense of the students, not keep them at arm's length. Ultimately, short of proctoring every assignment on selected and validated computers, there's no solution and that seems to defeat the purpose of making courses available online. I keep thinking about the student I have who is taking the course while deployed in Iraq. Honestly, under that circumstance, I can tolerate a little wiggle room in the validation context.

Dorothy Keyser (University of North Dakota)
Our continuing ed folks are still doing it the old-fashioned way -- the students come to a testing center and are monitored while they take the test.

Don Carter (Norther Arizona University)
Some of our online programs require proctored exams in either our Distance Learning sites around the state (35 or so of those) or in other negotiated sites such as HS or Community College learning centers. Most of the online programs use the same technology that is used in f2f classes.

Fred B. Lokken (Truckee Meadows Community College)
Actually, most LMSes have the same feature as Blackboard (we use both Angel and Moodle and both allow this).

I'm assuming the recent re-authorization of the HEA has triggered this question? As chair of the Instructional Technology Council, I participated in efforts to amend the language of the HEA - it was too late but clarifying language was included - that language will be used during the upcoming rule-making/regulation phase. At any rate, there is fear that the HEA is pressing for higher expectations BUT that is not the case - the language is very specific and currently limits itself to access authentication.

From the HEA:

The Senate amendment and the House bill require accrediting agencies to require that institutions of higher education offering distance education programs have a process by which the institution of higher education establishes that a student registered for a distance education course is the same student that participates in, completes, and receives credit for the course.

Clarifying language attached to the law:

The Conferees adopt the provision as proposed by both the Senate and the House. The Conferees expect institutions that offer distance education to have security mechanisms in place, such as identification numbers or other pass code information required to be used each time the student participates in class time or coursework on-line. As new identification technologies are developed and become more sophisticated, less expensive and more mainstream, the Conferees anticipate that accrediting agencies or associations and institutions will consider their use in the future. The Conferees do not intend that institutions use or rely on any technology that interferes with the privacy of the student and expect that students' privacy will be protected with whichever method the institutions choose to utilize.

Kassia Dellabough (University of Oregon)
We use student email & password to access Blackboard course sites and it is part of our authentication system across campus. As an instructor both face-to-face and on-line I find that motivated cheaters will find ways regardless of format and until we opt for fingerprinting or optical scans in all settings we cannot verify.

Richard Fasse (Rochester Institute of Technology)
Rena’s post reminded me of something from several years ago and I think this is it: Secureexam Remote Proctor

I would not want to be the one responsible for administering all this video proctoring. Perhaps for very high stakes quizzing it would be appropriate.

If you are not so concerned as to require a video proctor, then you might consider a high-stakes online quiz. Below is our current set of tips for setting one up. It was developed by surveying our faculty who use online quizzing and combining their ideas into one set of practices. But only a handful of our faculty are using High Stakes quizzing as outlined below. Low-Stakes quizzing is used much more widely. We also have the Respondus Lockdown Browser available for lab quizzing and it could be used for remote quizzing but we haven’t explored that.

Jane WInkler (University of Western Onotario)
Troy University is using Remote Proctor. Further info, including their experience with the hardware/software, is available by contacting Ronald Creel (Director of Educational Technology) rcreel@troy.edu

Kay McLennan (Tulane University)
I am similarly in search of information on how to respond to the new provision in the Higher Education Reauthorization Act (signed into law on August 14, 2008) that requires institutions to authenticate the identity of distance education students. In particular, here is what I know as well as the questions I currently have on the new mandate and need-less-to-say, I am keenly interested in feedback from the others responding to the mandate.

The Mandate:
[From the American Council on Education "Analysis of Higher Education Act Reauthorization"] "Accreditors must, ...require institutions that offer distance education to establish that a student registered for a distance education course is the same student who completes and receives credit for it." Also, "...provisions of the act are effective August 14, 2008 unless otherwise noted."

The Known Options

• Setting up proctored exam centers;
• Allowing students to nominate their own proctors (using a prescribed criteria like no employers or relatives, etc.) pending approval from the institution;
• Using certified IP locations (after a student ID check) to submit online work;
• Use of the Secureexam Remote Proctor System [the system Troy University has been testing that costs students ~$150 for the device and only works with the Windows operating system (according to the July 25, 2008 article in the Chronicle of Higher Education entitled "New Systems Keep a Close Eye on Online Students at Home" by Andrea L. Foster)];
• Use of the Webassessor Proctor System [the system being tested by the Pennsylvania State University system's World Campus that costs students ~$50 - $80 to purchase the camera, costs the institution ~$20,000, and students must have a broadband Internet connection to use the system (see the citation above)];
• Anything else?

Questions:

• Does every single graded deliverable in a distance education course have to be authenticated or a majority of the work or just the final exam/deliverable?
• Is the provision really in effect now?

JQ Johnson (University of Oregon Libraries)
See Are Your Online Students Really the Ones Registered for the Course?
Student Authentication Requirements for Distance Education Providers

I don't believe that the HERA requires proctoring per se, though this winter's DoE rulemaking may. The House/Senate conference report, p 139, states:]

The Senate amendment and the House bill require accrediting agencies to require that institutions of higher education offering distance education programs have a process by which the institution of higher education establishes that a student registered for a distance education course is the same student that participates in, completes, and receives credit for the course.

The Conferees adopt the provision as proposed by both the Senate and the House. The Conferees expect institutions that offer distance education to have security mechanisms in place, such as identification numbers or other pass code information required to be used each time the student participates in class time or coursework on-line. As new identification technologies are developed and become more sophisticated, less expensive and more mainstream, the Conferees anticipate that accrediting agencies or associations and institutions will consider their use in the future. The Conferees do not intend that institutions use or rely on any technology that interferes with the privacy of the student and expect that students’ privacy will be protected with whichever method the institutions choose to utilize.”

In other words, best practices are all that the bill requires, and at the moment requiring an individual password as part of the test taking process is adequate, though more is better. The typical features offered by a mainstream course management system would seem to be the appropriate de facto standard, so until Blackboard or one of its major competitors offers more robust authentication, I think the level of authentication offered by Blackboard is probably adequate.

I do believe that the language of the act and the conference report require that there be authentication in place for all assessments (including any online analog of attendance), not just final exams. This is particularly significant if some components of the course are not delivered through the CMS (e.g. links to outside blogs where students are expected to post, or assignments that students update wikipedia, or ...).

Jarret Cummings (EDUCAUSE)
I asked one of our senior policy analysts about Dr. McLennan's question concerning the Higher Education Opportunity Act's provisions on authenticating the identity of distance education students.

---

First, it is decidedly not the case that the HEOA "requires institutions to authenticate the identity of distance education students". The requirement pertains to accreditors, not institutions: "the agency or association [i.e., the accreditor] requires an institution that offers distance education or correspondence education to have processes through which the institution establishes that the student who registers in a distance education or correspondence education course or program is the same student who participates in and completes the program and receives the academic credit".

And so, second, while the effective date is, indeed, August 14, 2008, this is the date when the accreditors must start following these rules. Which means that the next time an institution is up for (re)accreditation, their accreditor will be taking this provision into account. The legislation does not require accreditors to go back and apply the law retroactively.

But, third and most important, the HEOA Conference Report says (see p. 136, emphasis added):

The Senate amendment and the House bill require accrediting agencies to require that institutions of higher education offering distance education programs have a process by which the institution of higher education establishes that a student registered for a distance education course is the same student that participates in, completes, and receives credit for the course.

The Conferees adopt the provision as proposed by both the Senate and the House. The Conferees expect institutions that offer distance education to have security mechanisms in place, such as identification numbers or other pass code information required to be used each time the student participates in class time or coursework on-line. As new identification technologies are developed and become more sophisticated, less expensive and more mainstream, the Conferees anticipate that accrediting agencies or associations and institutions will consider their use in the future. The Conferees do not intend that institutions use or rely on any technology that interferes with the privacy of the student and expect that students¹ privacy will be protected with whichever method the institutions choose to utilize.

Thus, for now, ID's and passwords are all that's needed, with the requirement that they be used each time a student does online work. Future technologies are left for the future, which seems like the perfect place for them, at which time they must be "considered", which also seems pretty non-disruptive.

His comments below indicate that this issue is primarily affects the accrediting agencies at this stage, and even then in a minor fashion based on the conference report regarding the legislation. Hopefully this lessens any anxieties about the HEOA's impact in this area.

Your rating: Select ratingPoorOkayGoodGreatAwesome

Your rating: None Average: 4.7 (3 votes)