This article offers advice on how to improve your password strength and security to protect sensitive school & personal data. Find out how to create a strong password and what to avoid.
Hands up if you have ever:
- used the same password on different accounts?
- modified a password by adding a number or symbol at the end?
- used a name?
- used the same password for personal and work use?
If you have done any of the above, it is definitely time to review your security settings.
With recent moves to cloud-based systems, schools and nurseries are increasingly being targeted in cyber attacks. Passwords are a key part of your school’s cyber security strategy as they are a cheap way of controlling who can access your devices and networks. Unfortunately, passwords are only effective if implemented properly.
How to Increase Your Password Security
The UK Cyber Security Agency Suggests:
Have a different password for each account/service. If this isn’t possible, then make sure your most sensitive accounts have a unique password.
If you must write down your passwords, store them securely and away from your device.
Consider using a password manager – or ask your IT team whether this is an option.
Use two-factor authentication (2FA) on sensitive accounts. This gives a way of double-checking you really are who you are claiming to be.
Always lock your account when you step away or stop using your device, even if it’s just for a minute. This applies in school or when working from home.
What are Sensitive Accounts?
Sensitive accounts are the ones where there is the most at risk – usually accounts that allow access to financial details and/or confidential data. Examples include:
The login for the computer(s) you use at school. These usually give access to the school server and its confidential data. This same login is often used to gain access to school resources when working remotely.
Your school email address(es) which usually allow access to cloud storage and school intranet as well as email.
Logins for school data systems for registration, assessment and finance.
What is wrong with My Password?
Passwords frequently get reused and modified because we struggle with the number of passwords we have to juggle in both our personal and professional lives. Reusing a password means that if someone gets access to one password, they have access to more than one of your accounts.
We are frequently told to create passwords that are at least 8 characters long, contain at least one capital letter, one number and one symbol. This often leads to people using names with number substitutions (0 instead of o). Random 8-character passwords are difficult to remember, but that doesn’t make them difficult to crack: a computer can crack a random 8-character password in hours because it is simply not long enough.
✘ Avoid
✘ names (pets, partner, children)
✘ personal dates (birthdays, anniversaries)
✘ other personal information (past addresses, place of birth)
✘ numerical, alphabetical or keyboard sequences, e.g. 1234, qwerty
✘ repetitive characters ‘sss’ or 777
✘ favourite food or sports team
✘ ‘password’
✘ short passwords (less than 16 characters)
How to Create a Secure Password
Make it random – it doesn’t have to be like one of the alphanumeric computer-generated codes that you will never remember. You can create a strong password by picking 3 random words that you have no personal connection to. For example, ‘bucketarmpitelf’. You could use a symbol or space between words bucket>armpit>elf to make the password longer and more secure.
✓ Do
✓ use longer passwords – at least 12 characters, preferably 16-20
✓ use 3 random words with symbols or spaces
✓ use a password generator (great with a password manager)
Can 3 Random Words Create a Strong Password?
This online tool shows you the length of time required for a computer to crack different passwords. It is a great tool to play with to test the effect of different password lengths. Try entering an example 8-digit password (not a real one) and then try 3 random words with a space, symbol or number between each word and compare the outcome.
Password | Time to Crack |
k8h3sYaQ | 1 hour |
k8h3^YaQ | 8 hours |
catdogcar | 2 minutes |
cat dog car | 1 year |
1cat2dog3car | 3 years |
1cat 2dog 3car | 100 million years |
bucketarmpitelf | 1000 years |
bucket armpit elf | 10 billion years |
I picked 3 common 3-letter words of the sort you should avoid when creating a password: cat, dog, car. Something as simple as adding spaces between the words increased the time to crack from just 2 minutes to a year. This is better than a random 8-character alphanumeric password.
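The comparison above can be put into numbers. The Python sketch below is an added example, not part of the original article or the online tool: it estimates the brute-force search space for passwords from the table and picks three words with a secure random generator. The word list is a constructed sample, and the 7,776-word list size used at the end is an assumption.

```python
import math
import secrets
import string

# Constructed sample list for illustration; a real generator needs thousands of words.
SAMPLE_WORDS = ["bucket", "armpit", "elf", "lantern", "gravel", "pigeon",
                "walnut", "trombone", "saddle", "violet", "harbour", "mitten"]

def charset_size(password):
    """Size of the character pool a character-by-character search must cover."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(not c.isalnum() for c in password):
        size += 33  # the 32 ASCII punctuation symbols plus the space
    return size

def brute_force_bits(password):
    """log2 of the number of guesses needed to try every combination."""
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0

def passphrase_bits(num_words, wordlist_size):
    """log2 of guesses for someone who knows the word list and tries word by word."""
    return num_words * math.log2(wordlist_size)

def make_passphrase(words, num_words=3, separator=" "):
    """Pick the words with a cryptographically secure generator, not by hand."""
    return separator.join(secrets.choice(words) for _ in range(num_words))

if __name__ == "__main__":
    for pw in ["k8h3sYaQ", "catdogcar", "cat dog car", "bucket armpit elf"]:
        print(f"{pw!r:22} pool={charset_size(pw):3}  ~{brute_force_bits(pw):5.1f} bits")
    # Each extra bit doubles the guessing work. The figure below is lower than
    # the brute-force estimate, which is why the words must be picked at random
    # from a large list rather than chosen by the user.
    print("3 words from an assumed 7,776-word list:",
          round(passphrase_bits(3, 7776), 1), "bits")
    print("Example:", make_passphrase(SAMPLE_WORDS))
```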
Try a Password Manager
Password managers store all your passwords for you and keep them safely encrypted. They can be accessed through an app or browser extension. You only have to remember the password to the password manager itself and it will take care of the rest. Password managers can be used across a range of different devices, avoiding the frustrations of a login stored on one device but not another.
Even if your school already provides you with a password manager, it is worth using one at home, especially if you do a lot of online shopping.
Many of the password managers available to companies offer free tiers. Free tiers usually have fewer features than paid tiers. For example, there may be a limit on how many passwords you can store or what type of device you can use them on. So it is worth exploring a few before you sign up to see which best fits your needs.
Free Password Managers
I am not associated/affiliated with any of these companies – they are listed in alphabetical order. The links below go to the page showing what is included in a free personal plan to allow you to compare the features offered.
If you do use a password manager, it is worth remembering that you need to create a strong password to access it. If you forget it, you are unlikely to be able to recover your account. Additionally, you should really set up two-factor authentication for this account, to make it as secure as possible.
Use Separate Accounts for School and Home
If you have a password manager for home and want to use one for school, it might be worth talking to your leadership team or IT technician. If you go down the free route, remember not to use the same password manager account for school and home.
Has your data ever been made public in a data breach?
Check your email addresses here.
Summary
It really isn’t difficult to improve your password strength: combine strong passwords with a password manager that can be used across different devices.
The National Cyber Security Centre has a Section for Schools, which includes information about password strength and security. They also have specific areas for school leaders, governors and staff with a variety of useful resources on all aspects of cyber security.
National Cyber Security Centre (School Section) https://www.ncsc.gov.uk/section/education-skills/schools
For more information on how to turn on two-factor authentication for most accounts see: www.telesign.com/turnon2fa