Learning about password security early, individual student logins at school

Published by in edtech on March 30th, 2009

The ability to create multiple login accounts on current operating systems like Mac OS X is great. This not only allows family members to have their own “custom” desktops and bookmarks/favorites, it also permits young users to start learning about password security early.

The replacement for Saturday morning cartoons

This many seem like a trivial thing, but it really isn’t. The importance of passwords and password security is only going to increase as our society gets “more digital.” When I initially setup an account for my now-five year old to access and use one of our family Macbook laptops, I setup a “shared” account that did not have a password, which she used with her older eight year old sister. A few months ago, however, Rachel asked for her own login account. She saw everyone else in our family logging in with “their own” accounts, and she wanted to do this too.

About two weeks ago, Rachel asked for her own password. This was not hard to do and add, and she chose her own password. I don’t know what it is, but I did see it has three characters. This morning before school, she commented to me “how fun” she thought it was to have her own password.

As a former elementary computer lab teacher and technology integration facilitator, I definitely know what a nightmare helping manage student passwords can be. Just for the Accelerated Reader program, password management can be quite time consuming for a class of 25. The AR program provides multiple examples of how and why password security is so important, however. What school librarian and teacher working with the AR program for awhile has NOT run into the situation of one student using another’s login and password to take AR tests for them? Cheating on AR tests is just the tip of the iceberg when it comes to password security. Identity theft, phishing, and other digital password-related criminal schemes are growing by leaps and bounds. Young people need to learn and practice good password security, just as adults do today.

I’m glad my five year old “pushed” for her own password. It’s not a huge deal or inconvenience, but it provides an opportunity to discuss issues that are important life skills. Rachel told me this morning that “Sarah knows my password.” We’ll have a talk about that today after school, I’m sure. If Rachel wants to share her password with her sister, she certainly can, but the best thing would be for her to keep it secret and to herself. As an “administrator” on our home computers I can change it for her (or better yet, have her change it directly) whenever she wants or needs it reset. Even though she’s just five years old, it’s not too early to start talking about the importance of controlling and maintaining control over her passwords and therefore her “digital life.”

For more general information about setting up multiple user accounts on Mac OS X, see the support article “About multiple user accounts.” Idaho State University has a good tutorial page on setting up multiple user accounts in Windows XP. Microsoft has a good article on enabling “fast user switching” (which is also an option for Mac OS X) on its support website. User Account Control was implemented by Microsoft with its Vista operating system as an attempt to improve user security by further limiting user rights to install and run applications. Implementing access control rights can definitely get complicated and can easily hamper more advanced family computer users. In addition to using multiple logins for the basic differentiated functionality it can provide, it’s worth exploring the security and other “features” this can open up even in a home setting.

It’s interesting to note the two largest school districts in our state, Oklahoma City Public Schools and Tulsa Public Schools, have very different policies when it comes to individual student logins. OKCPS creates user accounts for each student when they start kindergarten, or at the point they enter the school district for the first time as a student. TPS does NOT create or have individual student logins. I think OKCPS has the right approach on this issue. In the not too distant future, all our students are going to be using their own laptops at school. Individual network logins are essential to promote a culture of accountability, as well as provide individualized, secure access to a variety of applications and resources. It’s never too early at school to start learning about password security, and it behooves school districts to lay the groundwork for individual student logins as soon as possible, whether students start using those accounts right away or later in their school careers.

Vendor cloud-computing solutions like Stoneware Inc. are ideally situated to integrate with a district’s active directory or other directory services scheme, and provide single-signon capabilities to a HUGE number of services and applications. Does your school district provide individualized student login accounts currently? Are you doing this at home with your own family members?

Technorati Tags:
, , , , ,

On this day..

9 Comments »
  • http://askwhatelse.wordpress.com/ Sheri Edwards

    My writing class students have wiki, Diigo, Google (some), Mapskip teams, Voicethread, and blog accounts. I create them all so each student has the same username and password for each account.

    Last year our computer lab had one class sharing and misusing their accounts; the class lost their computer privileges for a quarter, emphasizing the time it takes to reset passwords as well as the importance of the issue. The rest of the students remember that, and we have not had any problems.

    The students appreciate having one password for our writing classroom accounts.

  • http://www.salemkeizer.org Melissa Garner

    In our district we take a growth approach to student accounts and passwords. In grades K-2, students use a shared class login with shared storage space. Toward the end of 2nd grade, we have a “graduation” ceremony where students are given their new, individual user ID’s. This is a randomly generated 7 number ID that is stored in our student system.

    Third through fifth grade students use a common grade-level password for the year. In 6th grade and continuing through their student career, we switch to an initial password (which includes their student ID) that students are then required to change on first login. There is an amount of time they are required to keep that password before it can be changed again (except in extenuating circumstances). For this reason, we encourage students not to use IluvSuzi or other such “time sensitive” passwords. :)

    We’ve been doing this for over a year now and the biggest complaint – that soon disappears – is that it’s ANOTHER number for students to memorize (in addition to their 6 digit student ID and their 10 digit state ID). We try to ease that burden by using that same login information for all learning-related applications that allow imports of student lists.

  • Maureen Tumenas

    We have grade level passwords for grades 1-5, only 4th and 5th have regularly scheduled computer time. They are 7 character case sensitive passwords and when I take the younger kids into the lab, I often just start at one end of the row and start typing them in, some kids can do it, others would take the entire 40 minutes to find the keys, never mind getting the case right.

    I start having kids make their own passwords (7 char,1 must be a capital, 1 must be a symbol or number, cannot be part of your name)in 6th grade. Most kids can do this by then, and I only have 2 who consistently forget theirs. It is important to teach them about password security. We haven’t had a problem with misuse or sharing passwords, but it does take extra time to do it, especially with the little ones who are sporadic users and most do not have a password at home.

    The kids also have gaggle accounts- another password. I ask them to use this on all accts that they sign up for. If they choose to use another password and they forget it, they get to find out how to recover a password. Another good lesson.

  • Stacy

    I think it is very important to start stressing the importance of keeping your passwords a secret at a young age. As an adult I have a ton of passwords and I change them in an instant if I feel anyone may know what one may be. It is especially important to keep passwords that are to important documents like credit cards and bank accounts sealed because you never know who may try and break in and find out your information. Teaching children at a younger age to keep passwords a secret will instill it in them for the rest of their lives. If keep the password a secret is all they know then they will not shy away from it. I think all parents and teachers need to stress the importance of password secracy a little bit more.

  • http://techyturner.blogspot.com R. Turner

    I’m so glad to see that others also understand that children need to learn the importance of passwords and keeping them secret. It is not about hiding things but about teaching what is personal needs to stay personal and what is communal stays communal. My school district does have individualized student accounts and logins. And yet, I have the discussion every year about why one should keep their password secret. Incidentally, the username and the password are the same, their student ID number. (I’m working on changing that!) My home also has separate logins for each person that is in the home. That way I can keep the system up and running and keep all non-essential software off of the 3 computers; Linux(Edubuntu), XP, and Vista. Password secrecy is so important to the next generation. Keep up the conversation and maybe someone will begin to toot the horn. HONK! HONK!

  • Matt Selbie

    There are easy solutions that already exist for this problem that don’t require the remembering of a plethora of passwords or complicated challenge questions. Go to myVidoop.com, and use images to recall a secret that only you know that can then auto access whatever web site you want to visit. Remember one secret and your password organization challenge is over.
    If you can relate to this video: http://www.youtube.com/watch?v=8m1a26kFQrg
    Then there is a solution:
    https://myvidoop.com/

  • http://www.wesfryer.com Wesley Fryer

    Matt: I hope your comment is not a boilerplated, vendor-generated comment spam message. I see you also posted a plug for your company’s captcha page over on my email updates page. I appreciate your participation and contributions to this discussion, but please understand comments should not be product plugs.

    In terms of your points: Understanding password security in school settings is much more complicated and difficult than using a keychain solution of some kind (free or commercial) which contains all web passwords. Kids get access to the web in their classroom, in the library, in the computer lab, at home, and possibly other places. In 1:1 settings where a student is using the same laptop all the time that suggestion might work, but I don’t think it does/could when students are using different computers all the time– particularly ones which are locked down (as virtually all school computers are these days) and don’t permit installation of other programs like keychains by student users.

    The reality of our world is that we have to deal with multiple passwords. A solution like what you propose does not help a child understand why they shouldn’t share their passwords with others, whether that is for an AR test or for their banking site when they are older. Conversations are the only viable way to address these learning needs, I think.

  • Maureen Tumenas

    Solutions like myvidoop.com have age requirements- must be 13+, which doesn’t solve the password issue for younger students/

  • Allie

    I feel it is very important for students to begin learning passwords at an early age. Afterall, it starts them off with a sense of security and teaches them what is, and isn’t theirs. I also feel that it helps them later on in life. A computer password is only the being of numbers and letters that will need to be memorized in the future.

© Creative Commons License