Rules and Regulations: Why Strong Online Learner Authentication is Needed

A common part of the educational experience dating back to even the one-room schoolhouse days is the process of “taking role” or "attendance." I always enjoyed this daily event because with my last name being Adkins I was at an alphabetic advantage and my name was called first. It made me feel special. But, have you ever stopped to question why your school teachers do this? Why did they keep records of who was present and absent?

In this two-part blog series, I will be exploring the role of learner authentication compliance and its use with authentic assessments. In this first blog, I will focus on how schools can and should be meeting regulatory requirements for online learner authentication. The second part of our series will focus on using SmarterID with authentic assessment.

Take a look at the video below to learn why strong online learner authentication is needed, what rules and regulations are governing online learner authentication, and a solution to assist validating learners in a secure, safe, and credible way.

Don't want to watch the video? No problem! Check out the video summary below. 

Video Summary

Authentication vs. Authorization

There are multiple reasons to record students' attendance. Some of them ranging from safety issues of making sure all students physically made it to school, to academic progress issues of keeping track of who was missing out on instruction.

Now, because of the increase in online learning, the reasons for keeping track of attendance has evolved and become more complicated. However, the basic need for it to be known which students are present for the learning experience is still a requirement. It is especially a requirement in online education where the student and teacher are separated by time and space. We now call the process “learner authentication.”

In addition to just being sure that the online students are engaged in learning, authenticating learners is important due to federal financial aid requirements as well as academic integrity expectations. To prevent fraud, the government requires schools to document that the persons receiving financial aid are indeed the persons receiving the instruction. To prevent cheating we must be sure that persons doing the course work and completing exams are the persons who will be receiving the academic credit.  

Historically, learner authentication in online courses has primarily been achieved through the use of user names and passwords. This is partially due to weak wording in a federal regulation that was updated in the summer of 2020 (Stick with me and I'll talk more about this in a moment).

But this process was insufficient and inappropriate for academic learner authentication. A username and password may be a good approach to keeping persons from accessing your online bank account or a video streaming service, but in those cases, the goal is to keep unauthorized persons from accessing your account. The problem that needs to be addressed in this case is the fact that students could willingly provide their username and password to another person whom they have asked to do their work and take their tests for them. This is a difference between authorization and authentication.

Online Authentication

Authentication is the process of making sure that the person engaging in the course is the actual student. There are four basic ways to authenticate someone online. 1) You can authenticate using something you know such as a prior phone number or address. 2) You can also authenticate using something you can do such as selecting secret regions of a picture. 3) Or, you can authenticate using something you have such as a random number generating access token. But all three of these suffer the same weakness of a password in that a student could equip the imposter with the information they need to falsely authenticate. 4) The fourth way is the most robust form of online learner authentication, which involves biometrics.

There are several forms of biometrics including fingerprint recognition, retina recognition, ear shape recognition, voice recognition, vein recognition, and signature recognition. These forms of biometrics can produce reliable results, but they typically require additional technology that is quite expensive. The two forms of biometrics that can be achieved online using standard Internet-based technology are facial recognition and keystroke recognition.  

Authentication During the Course

Over the past few years with the advent of virtual exam proctoring, the use of facial and keystroke recognition has become commonplace and expected during the process of proctoring an exam. This is a good practice, however, in most courses, much of the work that the student is evaluated on is done outside of an exam. This can include discussion board posts, submission of papers, group projects, virtual presentations, etc. It is just as important that learner authentication take place during the online course as it does during an online exam.

With SmarterID, institutions are able to validate learners at random times during the online course utilizing keystroke recognition and/or facial recognition. This serves as a deterrent to someone other than the actual student doing the work in the course.

Regulations Governing Learner Authentication

Now that I have reviewed the rationale, methodology, technology, and positioning of online learner authentication, let's consider the regulations regarding learner authentication which are especially relevant during and after the pandemic.

There is a free e-book that I highly recommend titled Pursuing Regulatory Compliance for Digital Instruction in Response to Covid-19: Policy Playbook. This publication provides a concise review of regulations regarding accreditation, financial aid, state authorization, student civil rights, and course level regulations which include fair use of digitized materials and learner authentication.

In response to the massive shift to online learning during the pandemic, on March 5, 2020, the Department of Education issued guidance to accrediting agencies and the institutions they serve waiving regulations regarding identity verification during the pandemic. However, now that we are shifting from emergency remote teaching to planful distance learning, schools need to be aware of and responsive to the regulations regarding learner authentication.

The basic premise of the regulation is that accrediting bodies require institutions to have processes that ensure that the student who registers for a course is the same one who academically engages in the course. While the primary concern of most faculty and the institutions they serve is to foster academic integrity, the primary concern of the federal government is in preventing federal financial aid fraud. When learner authentication is not conducted, persons can commit financial fraud in online courses by receiving federal aid for courses they are not actually taking. This is a significant problem documented in 2013 when the Office of Inspector General audited eight distance learning programs and found that nearly 222 million dollars was distributed to 42,000 distance education students who did not earn any credits during a payment period.

Edits to the Regulations

During the pandemic, the Department of Education made a planned improvement to the federal regulation regarding learner authentication on July 1, 2020. The prior regulation included examples of ways to demonstrate compliance that included username and password. However, many institutions were interpreting this to mean that a username and password alone were sufficient, when indeed they were not. 

In the improved language, the accrediting agencies can require institutions to provide evidence that the process they are using to authenticate learners is working. One commonly used process of learner authentication is achieved during proctored exams. But it should be restated that much of the course grade is dependent on work done outside of the exam and that many courses use alternative methods of competency demonstration instead of exams.

Educational leaders recognize that no process nor technology for learner authentication will be perfect. Neither the Department of Education nor accrediting agencies are mandating perfection. But the accrediting agencies are looking for evidence that a school has appropriate and updated policies, workflows, software, and faculty training in place to address the issue.

Authentication Recommendations

The student identity verification section of the free e-book that I referenced earlier concludes with these five recommendations:

1. Research expectations from the institution’s accreditor.
2. Set clear policies for students and staff that outline the expectations that the student registered for the course is the one who academically engages in the course.
3. Review and purchase useful tools and programs that can be used in courses to help with student identity verification.
4. Provide development opportunities and support for instructors.
5. Document any changes to institutional policies.

Try putting these recommendations in place in order to maintain clear, concise compliance with authentication regulations. 

Start Authenticating with SmarterID

As your institution strives to improve its processes for student identity verification, take a look at SmarterID which utilizes keystroke and/or facial recognition at random times during the course, not just during an exam. The reporting provided by SmarterID is strong documentation that your learner authentication process is working.

Coming up next in this blog series, I will be focusing on how institutions can use SmarterID for authentic assessment. Be sure to subscribe to our blog to receive notifications when our next blog is published!