Password complexity for primary school

Thanks for all your contributions - even those who couldn't resist bringing secondary schools into the discussion! :p

It's clear that most of you consider complex password for infant children unnecessary and undesirable, and I can see your point. My problem (and I'm acutely aware of it) is that I have worked in the financial services industry for (way) too long and am used to a completely risk-adverse culture whereby you normally need DNA samples to log on :) I accept that the school environment does not require such strong security measures, although I am still slightly concerned around data protection. Being able to log on to the school's network so easily is a gift for anyone attempting to gain access to school records etc.. I know it's a "closed network" to the extent that there are inherently physical access controls (locks on the doors!) in place, but it still niggles ... guess I'll just have to get over it :)

Re keeping the children's work secure ... my understanding is that now that ICT is becoming a core primary education subject, there is increasing emphasis on monitoring and assessing the child's progress in ICT, which means being able to keep a "portfolio" of work as the child progresses through the school. Therefore, other children saving their work in the wrong folder etc. and confused ownership will become a real issue, if it isn't already. Certainly, at my school, my ICT Coordinator is already pulling her hair out because she knows some children's work has got mixed up.

Anyway, thanks again all for your comments ... keep them coming!

Synack: Thanks for the explanation - way too complicated and expensive for my school.

Our system is similar to others here: Class username and password (Years 3 to 6 Junior School). Each class keeps the password as they progress through the school. I have for now begun to make the passwords more complex, but not so much that they are not memorable. It is quite amazing though how young people can actually remember something that's so important:)

Each class has a shared folder, each pupil has their own folder with year group folders within. Thus they keep all of the work they ever create whilst at the school. At the end of Year 6 I write their folder to CD, which is presented to them as a leaving present. Yes I know that CDs may become a thing of the past, and yes I know that some of the files may not be accessible to them at home if they don't have the necessary software/hardware. However, it does ensure that they hold their own work.

Here's a thought ... anyone used folder redirection to redirect each pupil's My Documents folder to a separate network folder? Could be done at an OU level, so only affects pupils, plus then teachers can view all pupils' folders at the same time (if they're structured into class/year parent folders etc.).

Really want to make this idiot proof (well, reception child proof anyway) so that each pupil doesn't have to think about where to save their work.

Ok ... consider this as a non-key stage specific explanation. If you are working on an open source project then each person may contribute code to a particular section. Depending on how you have set down procedures for it you may have it as a bit of a free for all and people put things in where they think best based on the instructions you have given them. Occasionally you get people copying over other code and so you have to revert back to previous entries instead (shadow volume copy anyone?)

As the project gets larger you might need to lock out certain people to only certain parts ... and so instead of a free for all you then give each person their own access ... but you still have the same general pot everyone contributes to. At least now you have some audit control so you know *who* made the changes ... but it is still a little ad-hoc (everyone still access a generic share and can do stuff to each other's work, but shadow volume copy will still help here).

The project now needs almost total control. Each person can only access their own piece of code. They have a clearly identified login and are told it is theirs. However, others may still have access to other accounts in case they need to so you don't use password control.

Finally you have to make sure that only the right person works on the right piece of code. The user accounts is now also locked down with a password too and every user is accountable with what happens with their code.

I know it sounds overly complicated but lets put it back into the educational settings.

Reception & Y1 - computers log on automatically using a single generic account but there is a group share that everyone can use. it may be (depending on the number of computers) that this is not automatic but a class account with no password (possibly just click on the class name and it takes you in).

Y2 & Y3 - you might still use class accounts or you might start moving to individual user accounts, but no passwords. The children still just use a single generic share but have their own folder.

Y4 - Individual user accounts but now also have their own home folder, only basic passwords if you are going to use them ... based around words they would be expected to know at this level (3 or 4 letter words ... ball, dog, cat, door, hall, bell, etc) but may be more advanced depending on the reading ability of the user. No ability to change password as that will sit with the teacher who knows all the passwords.

Y5 & Y6 - individual accounts, a general share for the class / year and individual user home areas. Basic passwords in place, teacher still control it but now possibly 5 or 6 letter words, based on what they know.

Y6 - Start giving the ability to change passwords to the kids as part of easing them into transition.

All the way through stress about ownership and control ... about how you only share what you have to, about respect for other people's property (you would not paint over someone else's work so don't delete stuff on computers either, etc) and so on.

This is a very rough guide and will vary from school to school, depending on confidence of the teacher (sometimes the limiting factor), the literacy levels of the children and the importance of ICT in the curriculum of the school. It is not perfect and not definitive. Always be willing to adapt.

Password complexity should not be a barrier to children using ICT. The school should take careful control over staff usage of accounts to ensure that if a teacher is using a generic computer in the classroom that any child using it should not have access to the sort of information covered by the DPA. If staff have a laptop / desktop connected to an IWB for children use consider having two accounts for staff ... a staff account and a teacher-in-class account (which still has access to the work needed but not shares with sensitive info on). This is very important for a Head / Deputy who teaches. Staff passwords should be suitably complex (not enforced by technology but by policy / procedures) and not shared in anyway with anyone else.

Bloomin heck - I might be agreeing with a post from Tony :eek: :)

regards

Simon

Quote:

---

Originally Posted by SimpleSi

Bloomin heck - I might be agreeing with a post from Tony :eek: :)

regards

Simon

---

It was bound to happen eventually. I have a large collection of chimpanzees, all with typewriters, churning out various posts so one was bound to hit the spot sometime.

We're a large-ish primary and are setup something like this:

Reception: Automatic logon using a single class account and password (year09/year09);
Year 1: Auto logon for the first term using a single class account and password (year08/year08);
Year 2: Single class account and password (year07/year07) moving to individual usernames and passwords for more able as appropriate during the year. This takes the form of 'year of entry+initials' (e.g. 06ABC) and their 6 digit date of birth (e.g 010203);
Year 3-6: Individual usernames and passwords as above;

('yearXX' relates to the year the children started in Reception)

All accounts use redirected 'My Documents' with staff having access to the root of the share for children's folders (Pupil's My Documents > KS2> 2007 > 07CBA > My Documents). This area is for children to save anything personal e.g. not connected with class, directed learning.

There is a central shared area available ('Pupil's Learning') that has folders for each academic year (e.g. '2009-2010') which contains year group folders (e.g. 'Reception', 'Year 1-2', 'Year 3-4' and 'Year 5-6'). Within these, are folders for specific learning units regardless of subject (e.g. 'Non-chronological Reports' or 'Databases', etc). Children are taught to save all learning into the appropriate folders here with an appropriate file name (which will usually include their first name too). This allows teachers to select entire units of learning for offline viewing (we make quite heavy use of 'Offline Files' on teacher's laptops) or as evidence for whatever without having to trawl through individual folders.

Within the 'Pupil's Learning' folder, there is also another folder ('Learning Resources') which has read only access for child accounts where staff place templates or other resources for specific learning units.

Staff accounts take the form of 'first initial+surname' and they are forced to change passwords every 120 days (roughly once a term). Passwords must be at least 6 characters long and be alphanumeric.

Dave