Managing Student and Staff Passwords

Question: What suggestions do you have for helping manage passwords for staff and students?

The IT Guy says:
The best situation for an organization is to have a single sign-on system that authenticates directly against your Active Directory database. The system should permit users to reset their own passwords, and should either auto-generate passwords as an option for users or allow them to create their own according to specific requirements.

Most passwords generated by people are considered “insecure” because they contain a combination of words in the dictionary and numbers. These types of insecure passwords can be hacked relatively easily by powerful computer programs widely available today. Passwords for both students and staff should require at least eight characters and should not permit any words that are in the dictionary that contain more than 3 characters to be included. Also, the password should have to include at least one capital, or uppercase, letter, and at least one number.
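The requirements above written as a checker, as an added example that is not part of the original column. The function names and the small word list are assumptions made for illustration; a real deployment would load a full dictionary file and enforce the rules in the directory's own password filter.

```python
# Constructed sample word list; replace with a full dictionary in practice.
SAMPLE_WORDS = {"pass", "word", "password", "school", "tiger", "summer", "cat"}

MIN_LENGTH = 8          # "at least eight characters"
MAX_WORD_LEN_OK = 3     # dictionary words longer than this are not permitted


def find_dictionary_words(password, words=SAMPLE_WORDS):
    """Return dictionary words of more than 3 characters found inside the password."""
    lowered = password.lower()  # match regardless of capitalisation
    hits = set()
    for start in range(len(lowered)):
        # Only test substrings of 4+ characters; shorter words are allowed.
        for end in range(start + MAX_WORD_LEN_OK + 1, len(lowered) + 1):
            if lowered[start:end] in words:
                hits.add(lowered[start:end])
    return sorted(hits)


def check_password(password, words=SAMPLE_WORDS):
    """Return a list of policy violations; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    for word in find_dictionary_words(password, words):
        problems.append("contains dictionary word: " + word)
    return problems


if __name__ == "__main__":
    # Constructed candidates, chosen to exercise each rule.
    for candidate in ["abc", "Tiger2024", "Password1", "Cat7xqvRm"]:
        result = check_password(candidate)
        print(candidate, "->", "OK" if not result else "; ".join(result))
```

"Tiger2024" meets the length, uppercase and number rules and is still rejected because it embeds a five-letter dictionary word, while "Cat7xqvRm" passes because "cat" is only three characters long.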

These are only guidelines, but the main goal is to force users to create and use passwords that are secure. Unless forced to do so, most users will not create secure passwords. But having the user create or obtain a secure password is just the first step. An equally important second step is getting that person to protect their password.

A recent incident in the Dallas, Texas area involving a blog of a cheerleader and a message allegedly posted by another student, as reported by The Star-Telegram, highlights the critical importance of safeguarding passwords. The best security policy is for users to not write down their passwords at all. If users insist on writing down their password, they should protect it just as they would a credit card number.

Clearly there are easier and less secure ways to manage passwords, but it is very important that schools model good security policy and teach constituents of all levels why password security is so important.
