4.2.4 Credential Issuance and Management

4.2.4.1 Credential Issuance

The subject will identify him/herself using information only known to the subject.
This information consists of:
 

  • First Name
  • Last Name
  • Date of Birth
  • NUID (communicated through official documents sent to the address of record)

4.2.4.2 Credential Revocation

  • We will revoke Credentials and Tokens within 72 hours after being notified that a Credential is no longer valid or is compromised. If a credential loses its validity due to failed attempts, the identity assurance will be removed or degraded, following the process identified in 4.2.3.2. Notification of compromised credentials will be directed to the ITS Security Team, security@unl.edu.

4.2.4.3 Credential Renewal or Re-issuance

  • Passwords can be reset by the subject by accessing https://trueyou.nebraska.edu/, supplying their login name and answers to pre-registered personalized questions OR by Help Center staff after the subject has provided personal information only known by the subject using the process defined in 4.2.4.1.

Help Center Procedure

The Help Center uses the following procedure to perform assisted password reset:

Via Phone Call

 

                -Verify NUID

                - Verify First/Last Name

                - Verify Date of Birth

                (Reset to temporary code as they are guided to the https://trueyou.nebraska.edu/ site, tell them temporary code and verify that they were able to log in and see the change password option)

               

Via Email

                - Verify NUID

                - Verify Date of Birth

                - Verify Permanent Address On File

                (Send them a reply with their temporary code and the site to reset their password)


4.2.4.4 Credential Issuance Records Retention

  • Records of credential issuance and revocation will be retained for a minimum of 7.5 years beyond the expiration of the credential. The records include the credential unique identifier and the time of issuance/revocation.

4.2.4.5 Resist Token Issuance Tampering Threat

  • The subject should access https://id.unl.edu/, examine the server SSL certificate to verify that the IdPO is the source, then claim their account using information known only to the subject.