13 April 2009

FuzzyBunny can get you in trouble: The importance of changing your password

Three weeks ago our school website and a website maintained by our music department were hacked. The perpetrator or perpetrators wrote some vile things on the homepage. The individual(s) was/were able to do this because they allegedly had passwords to both sites. This post is not about the incident at my school, but rather the discussion that it prompted in my classroom and the thoughts on personal internet security that I've had since then.

First, I asked my students how many of them changed passwords on accounts they access at school (i.e. email). I got blank stares. While a few students knew in theory that they should change their passwords, none of them had done so. Nor did they, on the whole, have more than one password that they used. PC World reports that one third of internet users have a single password for all of their accounts. That means that if one account is compromised, they all could be.

We next talked about the type of password they should select. If your favorite animal is fuzzy bunny then that should never be your password. Nor should you use your birthday, your mom's birthday, your address or anything else that could be easily discovered. Ideally, your password should contain letters and numbers and should be changed frequently ESPECIALLY if you are using public computers (such as those in school).

Finally, we talked about the importance of something as simple as logging out of a service to protect yourself. Daily I find that many of my students log on to check email (which is required of my yearbook students), but then fail to log off. Two or three hours later we discover that the browser window was minimized, but the account is still wide open.

Some students complain that they can't remember multiple passwords. That could be a problem on public computers, but on your home PC you could use a password management system.

Education about personal password safety is important. While we might think that it's no big deal for students (after all they aren't doing any online banking at school) a breach in password security could have far-reaching consequences. Perhaps a potential employer could get a malicious email or a comment could be posted to a blog that could set off a fight. We owe it to our students to discuss their online safety.