Passwords


Last night, I had this TED talk shared with me with the message “This will put a lot of you to sleep.”  

I had to view it right away.  In actuality, I watched it a few times.  I think it’s a great video to watch: “What’s wrong with your pa$$word”.  You’ll probably learn something new each time you watch it.

I had a bunch of takeaways from the video.

  • impressed that the IT Department at CMU wouldn’t give password databases away even for research;
  • learned how you might hack a hash code;
  • suggested rules for password security;
  • common passwords;
  • National Institute of Standards and Technology;
  • different ways to show strength of password;
  • ideas about rules for changing passwords;
  • recommendation of different password per system;
  • and much more.  You need to watch the talk.

Now, the audience presumably was largely from Carnegie Mellon and her message would be directly applicable to them.  Higher education and the general public have total control over passwords and privacy if they elect to use it.  When you are registered, you get an account and you are then expected to manage it.

I actually rather enjoyed the talk.

But then I started to think about K-12.  There’s a lot of talk about students and privacy.  But, what do we do about passwords?  And, passwords on multiple accounts?

A typical scenario might be that student accounts are created with data extracted from the Student Information System over the summer.  Each account might be initially seeded with the student’s birthday as the password, with the instruction given to change the password on first login.  I remember a student told me once that this was a good reason not to skip the first day of school…

First point of failure.  It’s the first day of school and you’re logging in for the first time.  You haven’t had time to teach that important lesson about creating a strong password.  But, you could do that later and then have a big change-a-thon.  Now, it’s a good idea to change the password regularly or, perhaps, you have a system rule that forces it to happen.

Now, you log into the network.  There’s one account needed.  If it’s school equipment, you’re using a shared device.  Let’s get onto the web and do some read/write web stuff.  Well, that’s probably going to require creating another account somewhere.  You’ll need a unique login and another unique and secure password.  Repeat over and over during the school year.  How many accounts would be created?  How many passwords?  What’s the chance of duplicate passwords?  See where I’m headed?

In the real world, we probably do a good job of it.  After all, we’re probably not using a community computer.  We’re using our own.  If you’re using the computer to its potential, you’re probably using the browser’s ability to remember your accounts.  Or, you might be using a password manager like 1Password or LastPass.  While these are great tools for the home user, they’re not practical or even possible in a school setting.

What’s a student to do?  After all, you don’t want the insecurity of writing the password on a sheet of paper?

In many cases, there are resources that help the cause.  I’m a fan of Scrawlar and the way that accounts are handled.  There are also web resources that don’t require an account at all.  You can finish your work in a single sitting with a utility like Wordle.

Unfortunately, that doesn’t cover all of the online world that you might want to use.  The same message that is in Ms. Cranor’s talk is applicable to everyone/anyone.  In a BYOD world where every student has her/his own computer, it would be easier with a browser remembering passwords or the effective use of a password manager.

The reality, though, is that we’re years away from that.  The concept of a school-provided, shared, common device remains a reality.  How do you handle student passwords in that scenario?


Viruses Visualized


This is one of those things whose truthfulness you can’t verify, so you have to rely on the source.  Kaspersky Labs is one of the leaders in the industry for malware protection.

On their website, they have this intriguing visualization that claims to show Cyberthreats as they are happening.

The map can be seen live here.

It’s a fascinating watch – it does show a world of connections, that’s for sure!

With your mouse, take the world for a spin and see what’s happening anywhere or wait for the popup to show what the current most-infected country is.

It’s a great start to a conversation about malware and the reasons why you should have software installed, make sure that it’s updated, and scan your system regularly.

Of course, there’s a link to download their software if you wish.

OTR Links 04/26/2014


Posted from Diigo. The rest of my favorite links are here.