School ICT Policies Thread, Password legislation/rulings in School Administration; re: usernames... when I was at uni my department used to use a rotating letter to identify the year... example: ...
28th March 2008, 01:24 PM #16
re: usernames... when I was at uni my department used to use a rotating letter to identify the year... example: I was ctztdn
ct (course) z (97 entry) tdn (my initials)
Had I been a year ealier, i'd have been ctytdn, then ctx..
This allows internal users a mnemonic for each year (and of course a non-changing username) IIRC there were only vwxyz in the rotation, as that more than covered a few years.
I think it is useful to use more than initials, however, as these soon get exhausted and you end up with "td2n" and things - yak.
IDG Tech News
28th March 2008, 01:38 PM #17
Originally Posted by tom_newton
28th March 2008, 01:53 PM #18
I undertand that on email addresses it must not be possible to work out the name, age or gender of the child. I think I read that on becta somewhere.
Originally Posted by jcollings
We previously had no password policy, even blank were allowed. I was horrified to find that a teacher had a blank password - he just couldn't see the point of setting one. It hadn't occurred to me that staff might have no password.
When I did set a policy following this incident (and notified the whole school a month in advance) I got some nasty ear ache off the staff (none from the kids) about it for months afterwards.
I dug my heels in and now they just accept it and get on with it when they're forced to change them.
28th March 2008, 03:23 PM #19
- Rep Power
I don't see the point of this. I guess many do what my mum used to do when she had enforced password changes at the bank. She had a list of them in the back of her diary and rotated through them. I know for a fact that our office manager has done this too for county payroll and admin systems.
Originally Posted by elsiegee40
Does this make for a more or less secure system?
28th March 2008, 04:05 PM #20
The most secure password systems are those which do not enforce changes
28th March 2008, 04:19 PM #21
Our teacher passwords are set once and then never changed. Most have the same password for logging on locally to their laptop as they do to the network. I have complained but no one cares about security so....
The children have similar to most of you: yearsurnamefirst3lettersoffirstname (07smithemm). They don't have email addresses here.
28th March 2008, 05:51 PM #22
Originally Posted by Jona
28th March 2008, 05:53 PM #23
Changing passwords is only really useful for damage limitation once someone's got in. With the primary adversary being kids here, i really think you're going to notice almost immediately you are compromised... this would, in my eyes mean the benefits are outweighed by irritations (more forgetters, writing down, etc).
Worth communicating "what to do if you think someone has your password" though.
28th March 2008, 06:05 PM #24
Do you have more instances of the students forgetting their passwords now though? Infact what about staff forgetting their passwords if they use a similar context?
Originally Posted by MrHappy
28th March 2008, 06:11 PM #25
Usernames to login are:
07AIBSMITH (Year of Entry + First 2 Letters of Form + Initial + Surname)
e-mail addresses are:
bsmith@stbedes......... (for staff and students but both on different domains, but im going to introduce a new e-mail system for students so we will probably create a new formula such as gs100@stbedes..... (initials + number starting at 100) for our student accounts. Printed out on sticky labels so they can stick into their planners at the start of the year - not with their passwords on of course.
30th March 2008, 12:02 PM #26
Sorry to be so negative in my first post, the school were I used to work had some very vindictive staff. They also had no training policy so they had lots of staff who had 0 confidence in IT.
We had 90 day password changes with your last 6 passwords not permitted. We however had no restricton on how often you could change your password. Net result was some teachers when asked to change their password would then change it 6 times so they could change it back to te one they had before.
30th March 2008, 03:27 PM #27
You are having a laugh...
Originally Posted by MrHappy
30th March 2008, 06:05 PM #28
I'm surprised some of you mentioned you have no password policies or no password at all. Staff generally have higher access rights/access to sensitive data and the school overall has a responsibility to protect this data.
Believe me, I've had my fair share of problems getting security to what I consider a reasonable standard. I think the key to it all, is firstly to make the Head and ICT Co. aware and to get them on your side. The ICT Co. should create and have policies in place that all staff should agree and adhere to.
Once you've got this far, the rest is easy as it's all enforced by GPO. I do think it's important to get an equal/fair balance of number of days a password is valid for, number of characters required, but also the history of passwords remembered. If you find people writing passwords down then I would say the password policy needs tweaking or staff need one to one support to give them a clearer understanding of the importance of network security.
31st March 2008, 09:25 AM #29
Now that's a good idea! I might try that.
Originally Posted by Sylv3r
31st March 2008, 09:39 AM #30
We don't currently have a password policy as such (ie, not a GPO one) but I believe something was started on a written one before I came. I'm not sure what happened with it though.
By timbo343 in forum Windows
Last Post: 18th November 2007, 04:36 PM
By sqdge in forum Windows
Last Post: 31st July 2007, 03:47 PM
Last Post: 27th July 2007, 09:23 AM
By Anti in forum School ICT Policies
Last Post: 20th June 2007, 10:26 PM
By kevin in forum Network and Classroom Management
Last Post: 17th May 2007, 02:14 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)