I saw a public post on Facebook that shared the photo of a receipt from University of Mauritius which appeared to show a fee charged for resetting the student email password. The amount mentioned is Rs 50 ($1.42). It looks kind of funny, if I won’t say unethical, to charge for password resets. Besides I’d expect email account password reset requests to be automated.

Seen on #Facebook, student charged $1.42 for an #email password reset at the #University of #Mauritius ?#Education pic.twitter.com/vHqWm4BXl2

— Ish Sookun (@IshSookun) March 23, 2016

Google Apps for Education

The University of Mauritius uses Google Apps for Education, which as advertised by Google is free for schools with ²⁴⁄₇ support at no cost. A service that comes for free for the promotion of education.

Then, where comes the dilemma of charging students for password recoveries? Some more reading taught me that Google Apps by default does not enable the “password reset feature” for users. Under such a configuration user passwords can only be reset by the Google Apps administrator. It might be the origin of the hiccup. The current practice of the University of Mauritius requires students to call personally at the CITS Helpdesk. Since there is some “bureaucracy” involved I believe that is why Rs 50 is charged. Now, to the question on ethics, whether it is proper to charge for a “password reset”, I won’t go down that road. Instead, I prefer look at the options for the university to implement something that could remove the “bureaucracy” needed because of manual requests for password recoveries.

Enable password reset feature in Google Apps

There is no need to look elsewhere to implement an automatic password request facility when Google Apps already comes with the feature. It only is required to be enabled, students properly informed about its usage and that a recovery phone number has to be set up.

Proper education for the students

Some might argue that even with a “password reset” feature some students might be careless, in case of phone loss they’d still require the assistance of the CITS. Then, shouldn’t it be part of the education to make students realize the importance of email security? Or else should we not bother educating the students, leaving email as a trivial matter and unleash graduates in the market that fall prey to continuous phishing scams that result in millions of rupees in loss?