That's the password to log on to our WEP encrypted wireless access in one of our district's meeting rooms. With one or two changed characters, of course.
I've always had a suspicion that the requirement for a "strong" password really creates more security problems than it solves under most circumstances. Strong passwords require a minimum number of characters (12-14), need to be a combination of numbers and upper/lower case letters, and often need to be force-changed on a regular basis.
Which all leads normal people to write them down and hide them in a convenient place - top desk drawer, under the desk calendar, on a sticky note adhering to the monitor...
The rationale for strong passwords is they are harder to discover if one runs a fancy password-guessing program to crack a computer security system. These programs rapidly try all common words and names in an attempt to gain access.
So the question I have to ask is which is more likely: a middle school student having access to a cracking program or knowing that passwords can be found under the teacher's (or parent's) desk blotter?
There are compromises that involve mnemonic clues to remembering strong(er) passwords:
- add a date to a child's or pet's name (sammy411)
- substitute numbers or symbols for letters (r0o$evelt)
- create an acronym (1itln - one is the loneliest number)
- write the password down but with a change in a single character that one can actually remember
None of these are recommended by a computer security expert, I am sure. Be thankful I don't work for the CIA.
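The first two tricks in the list above (an appended date, numbers or symbols swapped for letters) are transformations that guessing programs also apply to their word lists, so a check run when a password is set can undo them before a dictionary lookup. The sketch below is an added example, not part of the original post; the word list, substitution table and function names are constructed for illustration.

```python
import re

# Constructed sample word list (assumption): a real check would load a large
# list of common words, names and previously breached passwords.
COMMON_WORDS = {"sammy", "roosevelt", "password", "dragon", "michael"}

# Common character substitutions, undone before the dictionary lookup.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "$": "s", "@": "a", "!": "i"})


def candidate_bases(password):
    """Return the simplified forms of a password that should be looked up."""
    lowered = password.lower()
    # Drop an appended date or number, e.g. "sammy411" -> "sammy".
    no_suffix = re.sub(r"\d+$", "", lowered)
    forms = {lowered, no_suffix}
    # Undo symbol/number-for-letter swaps, e.g. "r0o$evelt" -> "roosevelt".
    forms |= {form.translate(LEET) for form in forms}
    return {form for form in forms if form}


def weak_reason(password):
    """Return why the password is guessable, or None if no rule matched."""
    for form in candidate_bases(password):
        if form in COMMON_WORDS:
            return f"reduces to common word '{form}'"
    return None


if __name__ == "__main__":
    # The three example passwords from the list above.
    for pw in ("sammy411", "r0o$evelt", "1itln"):
        print(f"{pw!r}: {weak_reason(pw) or 'no dictionary match'}")
```

A `None` result only means that none of these rules matched; it says nothing about length, which a real policy check would test separately.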
Social hacking remains the number one computer security threat, at least according to the things I read. If you call someone and say you are from so-and-so security firm and are conducting an audit and need to verify his/her password, a high percentage of people happily divulge that information.
At last count, I have 54 different programs and websites that require a password for either school or work. I have them all stored in a password-protected database on my computer. Were a person able to obtain access, horror of horrors, s/he would be able to see my frequent flier miles, credit card and bank balances (both embarrassing), and edit my school web page. There are some benefits, sigh, to living a dull life.
So how do you create passwords that are difficult to guess but easy to remember? What are the practical rules for passwords schools should establish - and teach to kids?