The truth is, even though we support over 2 million blogs, we only get a handful of complaints each year when it comes to inappropriate behavior or a suspected “password hack” on Edublogs.
A ‘password hack’ is when someone has used the password of another person to write a post or change something on a blog. They’ve either guessed or found the password and used it to break in.
Almost all examples we’ve dealt with over the years could have easily been avoided with good password management. It is important that as educators, we model and teach our students good password responsibility.
The most common causes of inappropriate behavior or suspected ‘password hacks’ are:
- Using a generic username and password for all students.
- Failure to use unique passwords for each student. The teacher creates student accounts with a different usernames but the same password for all students or a standard approach to assigning passwords that allows students to easily guess other students’ passwords.
- Students telling other students (or siblings) their username and password.
- Failing to log out of accounts or using ‘Remember my password’ on shared computers.
Most our students do the right thing! But occasionally there is a student who will do the wrong thing when they think they can’t be traced or made accountable for their actions.
Passwords are our line of defense for protecting our accounts. Students will have to deal with lots of passwords in their lifetime and we believe they are never too young to be taught good password practice.
The aim of this post is to share tips and resource to help educators improve how they manage their own passwords and help to educate their students on good password practice.
Use strong unique passwords
The stronger your password the more protected your accounts are. You should always use strong passwords for all accounts and use strong passwords that are different for each of your important accounts.
While remembering multiple strong passwords can be annoying, at least all your other accounts are protected even if a password is compromised for one account.
A strong password:
- Is at least 8 characters long
- Is unique and different from your other passwords.
- Doesn’t include terms that are significant to you like pet’s name, username, real name, date, phone number that are easy to guess or use complete words that make it easier for hackers who use dictionary attack programs. Also avoid common word misspellings and words in which letters have been replaced by numbers or symbols because some dictionary attack programs also check for these.
- Contains a combination of uppercase and lower case letters, numbers and symbols (keyboard characters that aren’t letters or numbers).
Creating strong passwords
A common method used for creating a strong random password is to turn a sentence that you can easily remember and turn into a password by using the first letter of each word, parts of words, substituting numbers and symbols as appropriate. Choose phrases that are meaningful to you or includes your favorite hobby or sport to help you remember.
For example, my phrase might be:
Rush Hour 3 is my favorite movie and I like chocolate might become rH/3iMfm&1Lchoc
I love football and cricket could become iLuVfb&CiK3t
An alternative option is to use a password generator tool such as Safe Password generator. A password generator tool is a good option for ensuring you create a strong random password to ensure you aren’t susceptible to a ‘dictionary password attack’.
Check out this video by Mozilla on ‘How to choose strong passwords‘.
Keep your password secure
Password management isn’t just about using strong passwords; it is also about making sure you keep your password secure and others don’t access your account.
- If you do write down your passwords don’t label them ‘password’ or leave them in plain sight on or near your computer.
- Don’t use ‘Remember the password’ if you are sharing a computer with other people. If someone knows your username, and you used ‘remember the password’, they just need to add your username to log into your account. You can make sure your password has been removed after you log out by clearing stored passwords.
- Always log out of your accounts if your device is around others and make sure all passwords are cleared if someone asks to use your device.
- Don’t give your password to anyone except your parents or teacher- not even your friends or a sibling.
Update your password recovery options
There are occasions where you will forget your password or need to reset it. Most systems use your email address for password resets.
Make sure your recovery email address is kept up-to-date on all important accounts and uses an email account you can still access (here is how you update your Edublogs email address).
Creating student passwords
The most common reason why educators have issues with student accounts is they’ll create the account for their students using a different usernames but the same password for all students or use a standard approach to assigning passwords that allows students to easily guess other students’ passwords.
The best options are to:
- Educate your students on strong passwords and good password management practices.
- Practice password creation by getting students to suggest strong passwords and then go over them as a class by having the students explain why they think a student’s password is good or weak, and why.
- Get students to log into their account and make their password strong as one of their first activities if you’ve used a generic password or simple password naming systems.
Here are some resources you can use with your students:
- Commonsense media’s Password Tips student handout
- How to Choose Stong password video (by Morizilla)
- How to create a strong password (by Google)
- How to choose a safe password video (by Explania)
- Check your password – is it strong?
- Safe password generator
- Lifehacker’s How to pick a good, strong password infographic (print off full sized infographic to display in class).
Using Password Managers
Most of us have a lot of online accounts and remembering all our unique strong passwords can be both painful and hard.
The alternative approach to remembering passwords is to use a password manager.
Password manager options include:
- Saving logins in your web browser using the ‘Remember password option’.
- Web based password managers such as LastPass which saves your passwords in an encrypted database. You just need one master password to access all your stored encrypted passwords.
- Local managers such as KeePass and 1Password which saves your passwords encrypted database on your computer or device.
You can read a review of password manager options here.
Your Password tips!
There are a range of different approaches you can use to manage passwords.
How do you manage your passwords? What are your tips and the challenges you face helping students manage their own passwords?
Please let us know by leaving a comment below.
8 thoughts on “Tips for Creating Secure Student Passwords”
Thanks for this informative article on safe passwords. I’ve been using http://epswd.com to generate free secure passwords. A handy free tool for everyone around.
Thanks for this useful article 🙂
I like to make a meaningful sentence an then scramble it with special symbols, numbers, upper and lower cases. This method works fine for me, but i need some time to fully remember it.
If i need a quick password, i like to use http://www.keyspinner.com for password generation.
This is a lot of great content about passwords. I have never seen the correlation to a sentence and creating a password. Will definitely share with fellow teachers.
I use a site called http://random.pw to help me generate strong, memorable passwords.
When I first began our campus setup I wrote a post on just this topic. It includes a couple of links you haven’t put in this post and a video as well. http://eschoolblogs.org.au/blog/2012/04/30/creating-strong-passwords/
PS Feel free to make a link in the comment rather than the URL
Thanks Miss W! Hadn’t thought of adding a video and did think about a safe password generator but didn’t add 🙁
I’ve now updated the post with your suggestions and thanks for sharing!