It is often said that data and networks are far less vulnerable to sophisticated technological attack than they are to human mistakes. This is borne out time and again with news of large-scale hacks that were made possible not by expansive, high-tech eavesdropping operations, but instead by individuals who were tricked into giving up a password over email, passwords that were written down, or passwords that are so simple as to be cracked in seconds.
Indeed, the use of difficult-to-remember passwords – and the steps that people take to keep track of them – is one of the key ways that attackers compromise a system. In order to protect yourself and any organizations – including the Iowa City Community School District – whose systems you have access to, one easy solution is to switch from passwords to passphrases. Read More »
We experienced a number of issues yesterday morning with students being unexpectedly forced to change their passwords; we avoid this type of unanticipated password change requirement due to its clear, negative impacts on instruction. We believe that we have resolved this problem as of 10 AM yesterday morning, and have begun reviewing our policies to ensure that this does not occur again.
On a related note, we’ll be beginning work next week to update our password policy to ensure that we’re safeguarding our students and staff while making sure that accounts are accessible and easy to use. This work will be driven by newly released standards from the federal government’s National Institute of Standards and Technology (NIST); opens in a new windowyou can read the full Digital Identity Guidelines here. For a nutshell version of some of the changes between the newly-released guidelines and previous recommendations, opens in a new windowcheck out this article.
I’ll be posting more information as we move ahead with the process of updating our policy.
Yesterday, opens in a new windowGoogle Drive was subject to a phishing attack that sent fake messages with a Google Doc link, with a subject line telling you that a file had been shared with you. This was a worldwide event (not just ICCSD), and you can read about this issue opens in a new windowhere, opens in a new windowhere, and opens in a new windowhere.
What should you do?
While there is no evidence that this scheme allowed attackers to steal passwords, we are recommending that if you clicked the shared doc link in one of these spam emails, you change your password as a precautionary measure. Since our ICCSD Google passwords are synchronized with our network passwords, you’ll need to change your network password. You can do this by pressing Control-Alt-Delete at the same time, and clicking “Change a Password”. You’ll need to enter your old (current) password, and then enter your new password two times. Within a few hours (at the most), your new network password will be synchronized to Google, and will become your Google password as well. Read More »