By Steven M. Baule, CIO Advisor
There is always a sense of excitement in the air as the new school year dawns. I know some administrators who welcome staff back with a hearty "Happy New Year!" However, as our staff and students wander back into the hallowed halls of academia for another year of learning and illumination, it is probably a good time to remind people about how to create solid passwords. Not an exciting subject, but nonetheless important. In my experience, it is not uncommon for some staff members to return without any recollection of even having had a password last year (I jest), but it is fairly normal for help desks to receive calls about resetting passwords in the beginning of the year. As a good IT manager, you want to exploit this opportunity to remind staff how to create good passwords that will actually protect their data.
A recent study showed that any eight-character password using only lowercase letters can be cracked in two hours or less. Simply adding an uppercase letter can extend the amount of time to crack a password to more than 200 years. Many corporations want passwords that include a number or a special character ~ I like to use the tilde in passwords I create for people.
Microsoft reminds people to use the following as a guide to creating strong passwords:
- Longer passwords are better. Microsoft recommends passwords be at least eight characters in length.
- Complexity means don't use a word from the dictionary or your birthday, anniversary, etc. Use a combination of at least three of the following: upper- and lowercase characters, punctuation, symbols and numbers. @Ppl312 is much better than apple.
- Change your password regularly. From an IT standpoint, make sure staff and students who are not returning have been removed from the system or at least their accounts are disabled. A district near mine had a student hack into its systems for nearly two years unnoticed. He was using the account of a former student teacher.
- Don't use the same password for everything. If you use the same password for different sites, you risk having a low-security site that's also giving out your online banking password.
Microsoft also has a password checker available at its Safety & Security Center (opens in new tab). I really like the Password Meter because it provides more information on how to improve your password.
Steven M. Baule is superintendent of North Boone CUSD 200 in Poplar Grove, IL. He has written several books on aspects of library and technology management and planning. Follow North Boone on Twitter @NBCUSD200.