123456, Password, 12345678, qwerty, 12345, 123456789, letmein, 1234567, football and iloveyou. If you have just read your password - congratulations you are using one of the top ten most commonly used passwords - according to SplashData.
Passwords and user credentials in general are an important and regularly overlooked element of somebodies online activities. If a password is available to people other than their ‘owner’ that person’s data and online persona are at risk.
Students at Campus des Nations have three main accounts. Depending upon how the student has set things up, these accounts they could have different passwords.
- Their ‘Windows’ login which they use to sign into school owned Windows devices and access the school Extranet WiFi via their personal device(s).
- Their G Suite for Education account which they use to access their @learning.ecolint.ch email, Google Drive etc - usually via my.ecolint.ch.
- Their ManageBac account.
There is also the password or method that a student uses to access their personal devices such as the laptop they bring to school and their mobile phone. In many ways this password is the most important. If a student’s device is set up to automatically check mail, be logged into accounts etc access to the device means access to everything!
Focus on… passwords - Change them regularly
Security is always a compromise between strength and convenience. We could require students (and staff) to have passwords of 16 or more characters that are a mixture of letters, numbers and characters. This would be more secure but rather inconvenient. We could also require students (and staff) to change their passwords every couple of weeks. We currently do not do this, however, with recent changes to EU data protection laws the process is being discussed and reviewed.
Recommendation > Change your device password after returning to school after every holiday, change your G Suite for Education password at the start of each term.
Focus on… passwords - Don’t leave them lying around
A password that is written on a Post-It note and kept stuck to a laptop/diary/pencil case is not secure. All staff and students at Campus des Nations should be using Google Chrome as their browser. Google Chrome will remember passwords (with a users permission) and by signing into Google Chrome it will sync these passwords between your different devices. As long as a user has a strong, regularly changed password to access the device - then this is a good approach. Using a password manager - such as Google Chrome’s inbuilt system or LastPass or 1Password - encourages and supports the use of longer, more complex strong passwords.
Recommendation > Use Google Chrome, log into Google Chrome, use Google Chrome to remember your passwords BUT ensure your device is secure.
Focus on… passwords - Be careful who you loan them too
Students should not be lending their passwords and account access to their peers. There is no need for this to be necessary. I believe that parents should know the passwords that their children use. The age that this become less important is down to each individual family. Siblings may not need to know each other’s passwords but maybe parents should.
Recommendation > Have a conversation at home about access and security and who knows which passwords within the family.