It is often said that data and networks are far less vulnerable to sophisticated technological attack than they are to human mistakes. This is borne out time and again with news of large-scale hacks that were made possible not by expansive, high-tech eavesdropping operations, but instead by individuals who were tricked into giving up a password over email, passwords that were written down, or passwords that are so simple as to be cracked in seconds.
Indeed, the use of difficult-to-remember passwords – and the steps that people take to keep track of them – is one of the key ways that attackers compromise a system. In order to protect yourself and any organizations – including the Iowa City Community School District – whose systems you have access to, one easy solution is to switch from passwords to passphrases. Read More »
We experienced a number of issues yesterday morning with students being unexpectedly forced to change their passwords; we avoid this type of unanticipated password change requirement due to its clear, negative impacts on instruction. We believe that we have resolved this problem as of 10 AM yesterday morning, and have begun reviewing our policies to ensure that this does not occur again.
On a related note, we’ll be beginning work next week to update our password policy to ensure that we’re safeguarding our students and staff while making sure that accounts are accessible and easy to use. This work will be driven by newly released standards from the federal government’s National Institute of Standards and Technology (NIST); opens in a new windowyou can read the full Digital Identity Guidelines here. For a nutshell version of some of the changes between the newly-released guidelines and previous recommendations, opens in a new windowcheck out this article.
I’ll be posting more information as we move ahead with the process of updating our policy.