View RSS Feed

Grumbledook's stuff!

Usernames - Should they identify a pupil?

Rating: 2 votes, 1.00 average.
by , 13th November 2009 at 05:24 PM (10202 Views)
In a discussion about student IDs I got a tad frustrated by the take some people have about Becta guidance and that it is given from a point of not really understanding how the real world works or giving examples ...

Quote Originally Posted by GrumbleDook View Post
With all respect to DB and AT ... B*11*cks

Becta put out the recommendation based on data protection guidance and esafety guidance from a heap of places and just collate it. Having a go at them for doing this is pretty pointless and hiding your head in the sands about wider issues.

1 - a kid emails a mate about something, who then replies but includes a mate outside of the school. The person outside of the school is an adult, and then now might have name, approx age (cause they understand that 09 at the beginning of the userid in the email means they started at the school in 2009) the surname or forename (so many schools have it as jbloggs or janetb) and they are also likely to get the forename from the email too. It is not about a single piece of data that makes it dangerous but when you string it together.

2 - People hate giving real, flesh and blood people a number as their identity. "I'm not a number, I am a free man!" I hear you cry ... well, how many of use know our NI number off the top of our head. I am pretty sure that ex-forces / police / etc can remember their numbers too! There is nothing wrong with introducing this to the kids as long as it is done in a timely, professional and sensible fashion. Roll numbers from MIS are fine ... if your school uses ID cards then get this number onto the ID card. If someone wants a password reseting then just ask for their card. Job done ... simples!

3 - When Becta (and others) give guidance or a framework too many people say "this is the way we have now been told to do it!" so they don't give too many examples anymore because people don't think for themselves and just point the finger if it is not right for their school. They just can't win. Before you have a go at the lack of examples about it why not say ... "hey, let's think of some ways to improve this!"

I bet that if I was to suggest we do this though we will get a slack handful that say something, but people are more than happy to jump on the bandwagon about BSF, job applications, salary scales ... I guess we all have different priorities.


  1. localzuk's Avatar
    Sorry but this is a bizarre thing to discuss. What does it matter if someone gets a name? A name is a name! You can't do anything with it! Name and age? What does that give? Nothing.

    Pupils have difficulty remembering how to spell their own names in our year 5, then we have all 4 years who continually forget their passwords. You really think they're capable of remembering numbers? You seem to be working from a secondary school age group perspective.

    Kids don't get issued with ID cards. Why would they? They'd just lose the damned things!

    I simply don't understand the fear of someone knowing a child's name and age. There is nothing you can do with it!
  2. Killian's Avatar
    I'd hardly say they can do nothing with it; once you know a name and the general naming convention for user IDs you can pretty much get almost unfiltered access to a child via the email system (providing they avoid tags/keywords for filtering systems).

    I wouldn't know what the solution would be though. The students here are constantly forgetting passwords so how they'd cope with 'numbers' is beyond me. Still; it's a valid point and worth discussing, surely there is a better system out their that is kid friendly.
  3. localzuk's Avatar
    Killian - I thought schools should be implementing walled garden based email systems? ie. the pupils can only email, and be emailed by, a select set of addresses? Ours can only email each other, and people on our staff email domain. So getting their username/name would be useless still.
  4. Killian's Avatar
    Good point I'm pretty sure some of the students here can email outside of the the school but maybe I'm wrong.

    I keep meaning to speak to our Network Manager to get limits on the amount they can send to as the spam is getting ridiculous now so will check that at the same time.

    The only other thing that would concern me is webmail access. Once you know someone's names their passwords tend to be either left as a default, the word 'password' or their favourite football teams. That's probably more of a job for password complexity settings though I suppose.
  5. CAM's Avatar
    We use a sort of code. The year they started then a unique ID followed bytheir first and last names mangled up and swapped. It all goes through the borough's EMail system to hide the fact they are a school pupil.

    As an example, your name of Grumble Dook would be 095433doogru on our EMail system. No-one has any idea what the string means or if they are talking to a male or female, adult or pupil. Or even if they go to a school.
  6. GrumbleDook's Avatar
    Oops ... really should check this and respond.

    Name and age are two key pieces used by those grooming children so any chance you can of protecting them is a good thing.

    And yes, kids forget things ... they forget their home phone number (but learn it), they forget their home address (but learn it) and yep there are good examples of KS1 and KS2 having no problems with individual accounts. I know it is different for each school but it can work.

    As for walled gardens ... yes, it is recommended that kids are introduced to email via walled garden systems but they can quickly outgrow that. If you keep them enclosed for too long they will either get bored and do stupid things or push the limits and break through things to use external email solutions. I get to see year 4 students doing this ... and whilst it is more the exception than the norm it is there.

    @CAM, yep, I like your system and have seen similar elsewhere.
  7. localzuk's Avatar
    Saying that those items of information are used by those grooming children is one thing, but have you got any evidence that someone got their details from their school email account, and then used this for their nefarious activities?

    It just strikes me as a step too far, and as yet no-one has managed to provide me with evidence as to the need for using obscure usernames.
  8. GrumbleDook's Avatar
    Yep, evidence is from CEOP Trainer training where there are some terrible examples. I would recommend as many IT managers and technicians become Think You Know trainers to help support their school as well as finding out the nastier side of the world.
  9. Old_Skool's Avatar
    Were a US school and currently use both methods. Our student email is first_last@school district and all of our students use 8 digit (random) numbers to login. I have to say from middle school on most kids know their ID # ... passwords of course are always forgotten. I am a believer that K12 students email should not easily identify them. I think we're heading towards some letters from their name and some numbers as their email name. Keep in mind this is the US where guns, kooks, and disgruntled ex-husbands flow freely. Kids under 18 need to be protected.
  10. cpjitservices's Avatar
    at the college the kids login with there user ID which is first initial, last name and then D.O.B so like jbloggs12399 but then as the email goes through our network the name is stripped and we used to have it go out as just but now it goes out as a random string as we can see through mimesweeper for example seems to work well.

    everytime an E-mail is sent internally though we can see what number generated to the account that sent it so the email would come through to us as but only us on the inside can see that.

    so to anyone outside the campuses through out the whole network, wont see any real identity as to who sent the e-mail.

    Alot of the older students however like 16+ dont use the interal system and use Yahoo or Hotmail but thats another story....

    Merry Christmas

    groovy huh.
    Updated 21st December 2010 at 05:02 PM by cpjitservices
  11. GREED's Avatar
    Interesting item this. My previous place used first initial, last name, and the last 2 digits of the year they would leave if they were to stay through to the end of 6th form, so Graham Reed and I leave in 2012 would be: greed12. Emails were the same alias. Not amazingly obvious what these details referred to, but not hard to remember either.
  12. f2mke's Avatar
    Some interesting comments! I could write on this subject for - well my age plus VAT ;-) Whilst I am not an educationalist, I fear that many of the views expressed here don't look beyond the technical and / or ease of management PoV.

    In summary:

    - Identifying gender and location is a real safeguarding risk. Grooming is potentially made so much easier and especially behind the 'closed' door of an Inbox.

    - Treat your password like you would your toothbrush - okay it's a cliché by now... But it is probably ridiculous to suggest that learning and safely maintaining a set of login credentials is not important for today's children (digital natives don't forget). It's an excuse to suggest that even the early key stagers can't remember. I have too many examples of out of school scenarios where they are very capable!

    - Still concerned about the above? Reduce the amount of personal data / information about an individual that a web or cloud based service needs to complete authentication. Opt for an open standard like Shibboleth to increase security and reduce memory loss. Err... Single Sign-on

    Overall..? There is a strong balance still to be sought between the implementation of safeguarding tools and processes and the old fashioned e-Safety equivalent of the Green Cross Code, or Stranger Danger campaigns from my day!
    Updated 5th February 2011 at 12:52 AM by f2mke


Total Trackbacks 0
Trackback URL: