Secure Online Proctoring for Education: The Threat of Remote Access


Secure Online Proctoring for Education: The Threat of Remote Access

Mark Musacchio


This blog about online proctoring in education was originally published in April 2020. All relevant content has been updated as of March 2022.

Implementing online proctoring in higher education is a great tool to add to your toolbox in terms of flexible options for students. But how do you know if it’s the right option for your institution? The main concerns we’ve heard over the years revolve around student experience, security, and integrity of the process.

These worries are understandable, but the good news is that technology to mitigate these risks is already available in the form of a secure lockdown browser. This approach doesn’t require remote access by a proctor to a test taker’s computer and uses technology to check for unauthorized programs and programmatically populates a password, rather than using a more fallible and intrusive human process. Here are four factors to keep in mind as you look to introduce secure online proctoring at your school that will ease fears that exist in advance for all parties involved.

1. Organizational risk

When an online proctor or test administrator greets a student for the first time using an application such as Zoom or GoToMeeting, many solutions require the proctor to have complete remote access to a student’s computer at multiple stages of the exam process. It is deemed necessary for the proctor to try to secure the testing environment by checking if a student has any unauthorized programs running on their device. Oftentimes they run scripts on the student’s computer, which appears rather scary for students. If the proctor sees any programs that aren’t approved, they are then able to manually shut them down by remotely accessing and changing settings or disabling them on the test taker’s computer.

In this scenario, there’s a chance that the proctor doesn’t recognize or notice applications running that could aid the student in cheating or copying exams. Equally likely, while increasing security, this level of remote access inevitably leads to increased liability for the testing organization.

Every time a remote proctor accesses a student’s device, they may be able to view or retrieve highly sensitive information such as passwords or personal information. While it’s important to stress again that such behavior is very rare, it is possible and an unnecessary liability. It takes just one instance of malpractice to negatively impact an organization’s integrity and valuable reputation. Furthermore, as more students are taking exams on employer-supplied computers, the risk of data loss extends beyond personal information and impacts such areas as health and financial records.

2. User experience & privacy

Another potential consequence of allowing an online proctor full remote access is the impact on student experience. The tech savvy student will fully understand the potential data security risks that this presents, leading to discomfort and worry for many test takers. What’s more, remote proctors are often permitted by the terms and conditions to change computer settings – even a student’s wallpaper – if they feel there is hidden messaging or another security risk present. At the end of the exam session, proctors may not change the computer settings back, frustrating students even further.

In most instances, students are honest and have absolutely no intention of cheating. These changes can feel unnecessary and as a result, students often go to social media to complain that their proctor is digging around their computer, changing settings, turning off programs, even disabling anti-virus software. In a competitive market where everything we do is widely reviewed and shared, a poor student experience can have a significant impact on the number of students choosing to opt for a particular course or educational institution.

Data protection and user comfort is at the forefront of everything we do at PSI. As a professional assessment provider, we only collect data to protect the academic integrity of an online exam and guarantee each student has a level playing field regardless of testing modality. Our policy is to never capture or store unnecessary personal data.

3. Secure software

At PSI, allowing remote proctors full access to a student’s computer is something we advise against. One way some vendors achieve that full access – which is completely unnecessary in our opinion – is requiring  students to install a browser extension on their computers. There are two main concerns with this:

    1. There is an initial level of discomfort on the part of students to grant permissions to a third party to such a heavily utilized portion of their digital footprint. Many utilize these browsers for confidential purposes like online banking, social media, and personal correspondence, making them reluctant to hand over the reins in any capacity.
    2. Taking the above concern one step further, there have been reports that some students notice these browser extensions are active even when not taking an exam.

While this technology was designed to detect if a test taker opens another browser tab or copies and paste information into an assessment, it only provides record and report functionality, with minimal capacity for prevention. What’s more, these extensions can’t close down several unauthorized applications. Overall these look and feel highly intrusive and provide limited utility and functionality.

Since we started developing online proctoring, we have successfully and intentionally avoided remote access while still ensuring test security and integrity.

Software in the form of a secure browser currently presents the most secure and least intrusive user experience. PSI’s Record and Review platform was developed and patented over 20 years ago, and we have been refining and improving it ever since. Students can download the application to their control panel in seconds. With over a million downloads every year, it prevents users from copying, pasting, taking screen grabs, using remote desktop and virtual machines, using instant messaging or other applications, and accessing other websites.

4. Password protection

It’s also vital that online proctoring solutions are able to integrate quickly and easily with your LMS. As with remote access to a student’s computer, access by a remote proctor to an organization’s LMS and exam passwords shouldn’t be necessary. Relying on a proctor to remote into a student’s computer just to key in a password is unnecessary and can be error prone.

How do we get around this? With an Application Program Interface (API), a proctor doesn’t need to access or know your LMS passwords. Because passwords are pulled automatically from your LMS, they are always kept secure, consistent, and correct. All you need to do is build assessments in your LMS (PSI can help with this if you need additional support) and assign passwords. Our API then connects to your LMS to unlock password protected exams with no human intervention required.

Successful online proctoring implementation

There are often tensions between speed, security, and budget when implementing any new technology. When it comes to remote assessments, it is possible to balance these tensions with online proctoring that incorporates both a secure browser and a robust integration, keeping your tests and student data secure and delivering a great user experience. With Record and Review proctoring and an LMS that is LTI compliant, your students can be up and running with online proctoring in no time.