We ask for 6+ characters mixed-case and alpha-numeric, which we force people to change every term. In general, this isn't a problem, although there are lots of forgotten passwords among Year 7 in the first week of each term.
IMHO, there isn't a "perfect" solution to password complexity, especially in such a mixed environment as a school. Too simple, and people will guess them / set obvious ones; too complex and people will write them down or type them so slowly that any fool could shoulder surf them. I do think that some form of complexity is essential though - before we started this policy, too many people had their husband/wife/child/cat's name as the password. We see less "borrowing" of accounts among students now, too.
Some people, when asked to change their password, are simply putting a "1" at the end, or swapping the order of the password (if, for example, the numbers relate to a significant date), but even that is better than nothing - it at least means that if their password becomes known to someone, they can only use it for a short while.
As for usernames, we use surname and the first 2 letters of the first name, e.g. jonesni, with email addresses building off that, e.g. firstname.lastname@example.org. This is the same for staff and students alike. This masks name, age and gender.
There are currently 1 users browsing this thread. (0 members and 1 guests)