How Strong is Your Password?

Nine Tips for Improving Your District's Security by Helping Staff Manage Their Passwords Better

By Tina Burkhart - July 8, 2010

In recent weeks, new stories about an international spy ring that was exposed also raised broader issues regarding technology security.  According to Computerworld, in searching one of the homes of one of the suspected spies, the 27 character password for the persons’ computer was written down and kept in the office next to the computer.  Once they had the password, the investigators were able to use the password to find messages hidden in files.  When this was discussed with technology security experts, their response was that it continues to be common to find passwords written on sticky Post-It notes, or in a desk drawer. Once the password is found, the entire information network becomes vulnerable

School districts face the same issue.  Passwords are critical in today’s use of computers, networks and the Internet.  The dilemma regarding how to handle passwords is one technology directors often ponder.  If passwords are simple and rarely updated, people are able to remember them – but they are also easily hacked, and may be known by multiple people at the site.  However if password requirements are too complex and must be changed on a regular basis, people cannot remember their passwords, and will write them down or give the password to others who share the same workspace.

There are some steps districts can follow to ensure the security of passwords:

1. Remind teachers that students are not to take roll or complete any task on a teacher’s computer which requires a password. 
2. Set time limits on inactive computers and log them out after a reasonable length of time.
3. Some districts allow the use of stronger passwords (with more letters , combinations of upper/lower letters and alpha-numeral passwords) for longer periods before requiring a password change.
4. Encourage people to use a mnemonic password; some suggest sillier ones are more easily remembered.
5. Use a pass phrase in place of a word.  For example: Ilove(2)seeoldmovies!
6. Suggest people store their passwords in places which are not obvious, such as keeping the password in the trunk of their car.
7. Make certain a policy is in place to quickly disable accounts of people who are no longer employed. 
8. Design the network to lock out users when multiple incorrect password attempts are made.
9. Require more frequent password changes for people who have access to sensitive information areas such as those working in fiscal services.

Passwords are essential in today’s online world, and the time taken to protect them may save the district hours of repair work and the loss of sensitive information.

Editor's Note:  Tina Burkhart is the Director of District Support Services for the educational consulting firm Total School Solutions (TSS).