The importance of good password management

If I had a pound for every time I was asked “Can you remember what my password is?” I would be a millionaire by now. As we move into the start of a new school year, I thought it would be a good idea to remind you all of the importance of good password management.

Many people and systems have gone years without a password change. It’s a frightening fact that many default passwords on Internet routers, switches and photocopiers, for example, are never changed. This creates a serious security risk and should be avoided at all costs. I still remember that in one of the first schools I worked in, the business manager had a little blue book in her desk drawer with every password for all systems, and even those of staff users who couldn’t remember their own passwords. It even had the lovely ‘passwords’ title written on the front! When I got involved, the first thing I advised them to do was to at least lock this book in the school safe until a more efficient method was developed.

There are so many creative ways to manage passwords, ranging from secure password manager apps to keeping them recorded in a secure location that has limited access.

As part of the school’s cyber security plans there should be a robust password policy in place which applies to all systems used in school. The absolute minimum password length should be 8 characters; ideally, 12-15 characters is a more sensible solution. Passwords should consist of a combination of lowercase and uppercase letters, along with numbers and a special character such as @, * or !.

I have found a popular pattern is to use a combination of numbers mixed with up to 3 random words. 
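As an added illustration (not part of the original article), the sketch below checks a password against the policy described above and generates one using the numbers-plus-random-words pattern. The function names, the short word list and the choice to accept any punctuation mark as a special character are assumptions made for the example.

```python
import secrets
import string

MIN_LENGTH = 8            # the article's absolute minimum
RECOMMENDED_LENGTH = 12   # lower end of the article's 12-15 range
GENERATED_SPECIALS = "@*!"  # the article's example special characters

# Constructed sample list for illustration only; a real word list should
# contain several thousand entries so the result is hard to guess.
WORDS = ["copper", "lantern", "meadow", "pebble", "harbour", "violet",
         "tundra", "saddle", "orchid", "biscuit", "granite", "walnut"]


def check_policy(password):
    """Return a list of policy failures; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    # Assumption: any ASCII punctuation mark counts as a special character.
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")
    return problems


def meets_recommended(password):
    """True if the password passes the policy and reaches the recommended length."""
    return not check_policy(password) and len(password) >= RECOMMENDED_LENGTH


def generate_password(word_count=3):
    """Build a password such as 'Pebble47WalnutOrchid!' from up to 3 random words."""
    if not 1 <= word_count <= 3:
        raise ValueError("word_count must be between 1 and 3")
    # secrets (not random) is used so the choices are unpredictable.
    words = [secrets.choice(WORDS).capitalize() for _ in range(word_count)]
    digits = "%02d" % secrets.randbelow(100)
    special = secrets.choice(GENERATED_SPECIALS)
    return "".join([words[0], digits] + words[1:] + [special])


if __name__ == "__main__":
    print(generate_password())
    print(check_policy("password"))
```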

In most systems the admins can set passwords to expire at certain periods of time so users have to choose a new one. It would be advisable to change your password at least once per year, although in schools this can be set to be a termly exercise.

Back to the question I keep being asked, “Can you remember my password?” The simple answer is “Sorry I don’t as you chose your own last time it was reset”. When we receive a password reset request we always produce a one-time-use temporary password that asks the user to choose their own password when they log in with it. As part of your ongoing IT support and staff training, the methods for managing passwords can and should be covered. I nearly forgot to mention the other massive problem that is still often seen: passwords written on a post-it note stuck to a screen or desktop. Again, this must be addressed with staff training, and whenever these notes are seen they should be removed and reported so this can be monitored.

It is possible to store login details in your web browser. This practice is common and in most cases is a safe way to manage passwords as long as the device itself is secured with a strong password and isn’t left logged in when unattended. Devices can be set so they automatically lock after a period of inactivity but it’s best practice to get into the habit of locking the device when you’re leaving the room. The simple methods to do this are as follows:

Windows PCs - Windows Key + L

Apple Mac - Control-Command + Q

Chromebooks - Search + L or Launcher + L

Tablets such as the iPad should lock when you close the cover or quickly press the power button.

The positive side of browser password managers is that they sync into the cloud, which makes life much simpler when you log in on another device because everything syncs across for you. Even with this in place it’s still wise to remember the main password for the system that is being used (Google or MS365).

There are a variety of password managers to choose from; here is a summary of some of the most popular ones:

  • 1Password 

  • Dashlane

  • NordPass

If you use an iPad or iPhone, it’s now possible to create secure notes in which you can store account details. These are protected with a password you set and are unlocked with your TouchID or FaceID.

However you choose to manage passwords is entirely up to you, but please remember that the security of your devices and web accounts is ultimately your own responsibility. Please take full advantage of all support that is available to you. Remember, we’re all in this together and can ensure we all stay safe from any potential threats that are unfortunately out there.

Let’s wave goodbye to those old password notebooks and take charge of your passwords.
