Thursday, March 29, 2007

Passwords

One of the things for which I'm paid is to be paranoid about our network. I imagine scenarios like a student learning a teacher's password and changing grades in ProgressBook, a student releasing a virus in our network which shuts everything down (including phones), or even someone with little to no connection with our schools being able to cause trouble on the network. Hopefully, you can help us all feel better by thinking about your passwords a little.

Passwords are the first line of defense against malicious attacks on the network. If someone meaning harm cannot even get access, then they are limited in what they can do. The same holds if they can log in, but only as an account with no access to anything sensitive. On the other hand, if they can log in as someone with access, they can cause quite a bit of grief.

With that in mind, here are some tips I copied from a SecurityFocus article called "The Simplest Security: A Guide to Better Password Practices":

  1. No Dictionary Words, Proper Nouns, or Foreign Words - There are freely available programs that check your password against entire dictionaries of words in minutes. If your password is an actual word, cracking it is a matter of minutes at most. These programs also try foreign words and words spelled backwards, so don't think you're any safer with those.
  2. No Personal Information - It is really easy to find your birthday, Social Security number, anniversary, family member information, pets' names, etc. You may even share that info in class or in casual conversation. Don't make your password something you share openly.
  3. Length, Width and Depth - Suppose a program checked every possible combination of characters until it found yours. Each character you add multiplies the number of combinations it must try by the size of the character set, so one extra character makes the password dramatically slower to crack. Drawing on upper and lower case, numbers, and punctuation enlarges that character set, which multiplies the work again at every position. Microsoft's password complexity policy for Windows accounts requires that a password:
    1. Not contain significant portions of the user's account name or full name
    2. Be at least six characters in length
    3. Contain characters from three of the following four categories:
      1. English uppercase characters (A through Z)
      2. English lowercase characters (a through z)
      3. Base 10 digits (0 through 9)
      4. Non-alphabetic characters (for example, !, $, #, %)
Here are a few final suggestions. Don't share your password with anyone! Don't use regular words. Don't write your passwords down (the oldest trick for stealing passwords is to look under the keyboard or in a drawer). Change your password frequently, and change it immediately if you think someone may have learned it.

One way to create a secure password is to interleave numbers with a word. For example, take a year like "1999" and a word or name like "Prince!" and weave the digits in between the letters, one digit after each letter, like this: "P1r9i9n9ce!" You now have an 11-character password that isn't a word, uses upper and lower case with numbers and punctuation, isn't personal information, and is easy to remember without writing it down.
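To make tips 1 and 3 and the interleaving trick concrete, here is a small Python script I am adding to this post (it is not from the SecurityFocus article or from Microsoft). It checks a password the way a cracker's dictionary pass would, applies the three Microsoft rules quoted above, and computes how the brute-force search space grows with length and character variety. The wordlist is a constructed seven-word stand-in for a real dictionary, the account name "jsmith" / full name "John Smith", the guess rate of one billion per second, and the reading of "significant portion of the name" as any name token of three or more letters are all assumptions made for the example.

```python
"""Password checks illustrating the post's three points: dictionary words,
the Microsoft complexity rule, and how length and character variety grow the
brute-force search space. Added example; not from the original post."""
import string

# Constructed stand-in for a cracker's wordlist (real lists hold many thousands
# of entries, including foreign words); assumption for this example only.
WORDLIST = {"prince", "password", "letmein", "secret", "summer", "welcome", "bonjour"}

# The four character categories named in the complexity rule quoted in the post.
CATEGORIES = {
    "upper": set(string.ascii_uppercase),   # 26 characters
    "lower": set(string.ascii_lowercase),   # 26 characters
    "digit": set(string.digits),            # 10 characters
    "symbol": set(string.punctuation),      # 32 characters
}


def categories_used(password):
    """Names of the categories that appear at least once in the password."""
    return {name for name, chars in CATEGORIES.items() if any(c in chars for c in password)}


def looks_like_dictionary_word(password):
    """Cheap dictionary attack: lowercase the password, drop leading/trailing
    digits and punctuation (the usual 'word + year' pattern), and test both
    the result and its reversal against the wordlist."""
    core = password.lower().strip(string.digits + string.punctuation)
    return core in WORDLIST or core[::-1] in WORDLIST


def meets_microsoft_policy(password, account_name="", full_name="", min_length=6):
    """Apply the three quoted rules. Returns (ok, list_of_failures).
    'Significant portion' of the name is approximated (assumption) as any
    name token of three or more characters appearing case-insensitively."""
    failures = []
    if len(password) < min_length:
        failures.append("shorter than %d characters" % min_length)
    if len(categories_used(password)) < 3:
        failures.append("fewer than three character categories")
    lowered = password.lower()
    for token in [account_name] + full_name.split():
        if len(token) >= 3 and token.lower() in lowered:
            failures.append("contains name fragment %r" % token)
    return (not failures, failures)


def search_space(password):
    """Number of candidates a brute-force run must cover, assuming the attacker
    already knows the length and which categories were used (generous to them)."""
    alphabet = sum(len(CATEGORIES[name]) for name in categories_used(password))
    return alphabet ** len(password)


def brute_force_seconds(password, guesses_per_second=10 ** 9):
    """Worst-case time to exhaust the search space at an assumed guess rate."""
    return search_space(password) / guesses_per_second


def interleave(word, digits):
    """The post's construction: insert one digit after each letter until the
    digits run out. interleave('Prince!', '1999') -> 'P1r9i9n9ce!'."""
    out = []
    for i, ch in enumerate(word):
        out.append(ch)
        if i < len(digits):
            out.append(digits[i])
    return "".join(out)


if __name__ == "__main__":
    for pw in ["prince", "Prince1999!", interleave("Prince!", "1999")]:
        ok, why = meets_microsoft_policy(pw, account_name="jsmith", full_name="John Smith")
        print("%-14s policy=%-5s dictionary=%-5s space=%.2e  ~%.1f years at 1e9 guesses/s" % (
            pw, ok, looks_like_dictionary_word(pw), search_space(pw),
            brute_force_seconds(pw) / (365 * 24 * 3600)))
        if why:
            print("   ", "; ".join(why))
```

Running it shows the point of tip 1: "Prince1999!" satisfies every Microsoft rule and has the same 94^11 search space as "P1r9i9n9ce!", yet the dictionary check still catches it, because a cracker strips the trailing year and finds "prince". Interleaving the digits is what breaks the word apart so that simple mangling rule no longer works.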
