Principals, Is Your Password Secure?

In order to work with your IT department in creating a secure but functional digital environment, you must have a basic understanding of non-board policies that will affect your students and staff. Keep in mind that the information presented here regarding passwords is very basic and you should work with your IT staff to determine the capabilities in your particular infrastructure.

Passwords

Length
We recommend a minimum of six (preferably eight) characters in a password for students and regular users and a minimum of fifteen characters for ‘secure data users.’ The reason for this is that the time it takes to crack a password increases exponentially with password length.

Complexity

Passwords should contain at least one alphabetic, one numeric and one non-alphanumeric character (a symbol). Complexity is a double-edged sword, though: if people only used the minimum of six characters, only 27% of the total possible passwords would meet the complexity requirement.[1]

Repetition
This disallows the use of a certain number of previous passwords. It is used to ensure that a user does not keep using two passwords over and over by alternating between them. For example, if this was set to five then one could not use any of the previous five passwords.

Age
This is the minimum length of time before a user can manually change their password. This setting is used to avoid abuse if the school district has set the repetition policy. If it were not set, a user could manually change their password as many times in a row as necessary to get back to their original password, so their password is never really being changed.
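An added example (not from the original article) that simulates the repetition and age settings described above and measures how long a user would need to cycle back to an original password. The `Account` class, the password strings, the start date and the iteration count are hypothetical values constructed for illustration.

```python
import hashlib, hmac, os
from datetime import datetime, timedelta

ITERATIONS = 10_000  # reduced so the demo runs quickly; not a production setting

def _digest(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

class Account:
    """Hypothetical account enforcing 'repetition' (history) and minimum 'age'."""
    def __init__(self, password, now, history_size, min_age):
        self.history_size, self.min_age = history_size, min_age
        self.history = []  # (salt, digest) pairs, oldest first, current password last
        self._store(password, now)

    def _store(self, password, now):
        salt = os.urandom(16)
        self.history.append((salt, _digest(password, salt)))
        # keep the current password plus the N previous ones
        self.history = self.history[-(self.history_size + 1):]
        self.last_change = now

    def change(self, new_password, now):
        if now - self.last_change < self.min_age:
            return "rejected: minimum age not reached"
        for salt, digest in self.history:
            if hmac.compare_digest(digest, _digest(new_password, salt)):
                return "rejected: password reused"
        self._store(new_password, now)
        return "ok"

def days_to_reuse_original(history_size, min_age_days):
    """Days a user needs to cycle throwaway passwords and get the original back."""
    start = now = datetime(2024, 1, 1)  # constructed start date
    acct = Account("Original#1", now, history_size, timedelta(days=min_age_days))
    throwaways = 0
    while acct.change("Original#1", now) != "ok":
        if acct.change(f"Throwaway#{throwaways}", now) == "ok":
            throwaways += 1
        else:
            now += timedelta(days=1)  # blocked by minimum age: wait a day
    return (now - start).days

if __name__ == "__main__":
    for min_age in (0, 1, 7):
        print(f"history=5, min age={min_age}d ->",
              days_to_reuse_original(5, min_age), "days to reuse the original")
```

With repetition set to five and no minimum age, the original password is back in use the same day; each day of minimum age adds to the wait for every change in the cycle.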

Forced Changes

Password changes can be forced by the system at regular time intervals. For regular users a one-year interval is likely good enough, but secure data users should probably have forced password changes two to four times a year. If the change frequency is low, then compromised passwords have a higher value, but if the frequency is too high, it is more likely that users will take steps that make their personal password management easier, such as writing passwords down on post-it notes, which nullifies any intended benefit of a frequent change.

Never share passwords with other employees, including your assistant! If a group of people need access to the same files or applications, they should be granted that access with their own login. In fact, a good IT organization will never ask for your password.

What additional password protection procedures do you think principals and school leaders should include?

1 No Tricks: Counting Restricted Password Spaces

From Professional Learning Board’s online continuing education course for teachers: Technology for Education Leaders
