Secrets to a Strong Password and Why We Still Need Them in Schools


I recently spoke with the IT director of a school district, and he shared with me some concerns school administrators had about our password management solution and whether it could actually make them less secure. I am rarely at a loss for words in my line of work, but in this instance, I was close.

I asked if he could frame those concerns for me so I could understand their perspective a bit better. One was the ease with which a student can guess the security answers to a teacher's password. If a student could get access to the password manager, they would get access to everything.

So I mentioned to him this story about a student charged with a felony for hacking a teacher's password. Was this student some genius hacker, full of malice and the technical expertise to cripple his school’s entire network?

Well, the password turned out to be the teacher's last name.

I asked him if they had strong password requirements in place. His answer was no, but the real question is: why not? Many schools feel they cannot take on the help desk burden of helping users reset forgotten passwords. There are simply too many users for them to support in that fashion. Complex passwords cause a spike in help desk requests, which would make the burden placed on IT far too great. However, identity management technology makes it much easier for IT to manage large numbers of identities.


Secrets to a Strong Password

At Identity Automation we require our customers to use a username and password combination. They also have the option to include Google Authenticator as a means for multi-factor authentication.

Here’s one example: the phrase “one ring to rule them all, one ring to find them” can be used to construct the password “oR2rta0r2ft!”

Here are some tips on how to create a strong password:

  1. Use a minimum of 8-11 characters

  2. Use upper- and lower-case letters

  3. Include numbers or special characters such as !@#$*

  4. Don’t use a pattern. Use a method to replace certain letters with symbols or numbers

Last but not least, it’s important to change passwords often and not to leave them lying around. This is an effective tactic since change will thwart the efforts of an intruder who has gained access to a compromised system.

These techniques help a user remember the password easily, yet the resulting passwords look random and are difficult to crack via brute-force attack.

RapidIdentity can support just about any password you want to throw at it. But that doesn’t mean the same password should be used everywhere within the school’s IT systems.

A Different Way of Handling Passwords in the Future?

Imagine a world where it was easier both for users to have more secure passwords and for you in IT to manage them all, even the recovery of a forgotten password. What if you had the ability to restrict users from using values such as first name, last name, middle name or birthdate as passwords?
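One way such a restriction could work, combined with the tips listed earlier, is sketched below. This is an added example, not RapidIdentity's code; the profile fields, the substitution table and the sample teacher are assumptions constructed for illustration.

```python
import re
from datetime import date

# Characters users commonly swap for letters, collapsed to one form so that
# "Sm1th", "Sm!th" and "Smlth" all compare equal (assumed mapping).
CONFUSABLES = str.maketrans("01l!34@5$7", "oiiieaasst")
MIN_LENGTH = 8  # lower bound of the "8-11 characters" tip

# Constructed sample profile; field names are hypothetical.
SAMPLE_TEACHER = {"first_name": "Dana", "middle_name": "Lee",
                  "last_name": "Whitfield", "birthdate": date(1980, 4, 12)}


def normalize(text):
    """Lower-case, collapse substitutions, keep only letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower().translate(CONFUSABLES))


def forbidden_tokens(profile):
    """Normalized name parts and birthdate spellings that may not appear."""
    names = [profile.get(k) or "" for k in
             ("first_name", "middle_name", "last_name")]
    born = profile.get("birthdate")
    formats = ("%Y%m%d", "%m%d%Y", "%d%m%Y", "%m%d%y")
    dates = [born.strftime(f) for f in formats] if born else []
    # Ignore very short tokens to limit false positives.
    return {t for t in map(normalize, names + dates) if len(t) >= 3}


def check_password(password, profile):
    """Return the list of violated rules; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        problems.append("needs upper- and lower-case letters")
    if not re.search(r"[^A-Za-z]", password):
        problems.append("needs a number or special character")
    candidate = normalize(password)
    if any(token in candidate for token in forbidden_tokens(profile)):
        problems.append("contains name or birthdate")
    return problems


if __name__ == "__main__":
    for pw in ("Whitfield", "Wh1tf!e1d#9", "Spring04121980!", "oR2rta0r2ft!"):
        print(pw, "->", check_password(pw, SAMPLE_TEACHER) or "accepted")
```

Because both the password and the profile values pass through the same normalization, swapping letters for symbols in a last name does not get it past the check.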

Or, let’s go a step further. What if you could securely move away from text-based passwords? Think about users in your school district going through a workflow to retrieve a forgotten password, with the complexity of that workflow determined by their role: a student in K-2, 3-6, or 7-12th grade, a teacher, or a school principal.

You can't expect a kindergartener to remember a complex, 8-character password just so they can unlock a computer. But they could recover theirs by choosing the photo of their teacher or a simple, colorful image.

A school administrator, who needs access to student data, would need to enter their password and provide a fingerprint from their registered mobile device when logging in from a cafe. Now we're in the realm of multi-factor authentication.

We’re moving closer to a scenario like this one, where we can determine authentication methods based on context (roles, locations, risk levels, etc.). Stay tuned here to learn more about multi-factor authentication innovations in the future.
