Can your students guess your password?

[Image: Top 10,000 passwords in a Wordle]

Teachers live in a digital world. We use computers and email systems to store and communicate student information to parents, teachers, and other colleagues: marks, assessment information, tests, special education data, etc.

Could one of your students guess your password?

Obviously, this isn’t a problem if you teach grade 1, but if you teach in middle school or high school, you have a lot more tech-savvy students with a lot more time on their hands.

Is your password, “password”, “123456”, or “12345678”?

  • Apparently, almost one out of 10 people use one of those three passwords.
  • It stands to reason that one out of 10 teachers uses one of those passwords as well.

Security expert Mark Burnett has published a list of the 10,000 most common passwords. He’s been collecting passwords for over 20 years from public sources. (These passwords are real passwords that are from lists that have already been made public and can be found by anyone. You can read about how he collects passwords here.)

It turns out from Burnett’s data that 91% of people have a password from the top 1000 passwords. (You can look at the list of 10,000 most common passwords here.)

Burnett has a visual of the top 500 passwords as a tag cloud on his site, but I created a Wordle with all 10,000 passwords – see the image at the top of this post. (Wordle is a cool cloud-based visualizing website that lots of teachers use for poetry or language arts projects. Before you think about using this password data in the classroom, you should know that there are a lot of inappropriate words in the list.)

Here’s a Wordle with only the top 50 passwords used by people. Can you find your password?

So how can teachers come up with more secure passwords?

A lot of computer security stuff is managed by your school board.

  • Sometimes they generate student or teacher passwords that you can’t change.
  • If you are allowed to come up with your own passwords, sometimes you are forced to come up with a password that is a certain length and uses certain characters.
  • I’m sure there are a lot of other behind-the-scenes security policies to prevent brute-force password guessing. (Have you ever had to call your IT department because you guessed the wrong password and your account got locked?)

But choosing a strong password is also important.

Guessing a computer password is a lot like finding a needle in a haystack. The question is, how big is your haystack? Computer hacking expert Steve Gibson has a tool which shows you how long it would take to guess your password if a hacker tried every possible combination of letters, numbers, and then symbols. (Even though it would take 17.33 centuries to randomly guess “Password”, password crackers will use dictionary tools first.)
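The haystack-versus-dictionary point above, as an added example (not from the original post or from Gibson's tool): it sizes the exhaustive search and then counts how many guesses a dictionary-first guesser needs for the same password. The short word list, the case variants tried and the rate of 1,000 guesses per second are assumptions made for illustration.

```python
import string

# Constructed stand-in for a common-password list: the three passwords named
# in this post plus two made-up entries. A real audit would load a full list.
COMMON = ["password", "123456", "12345678", "letmein", "teacher1"]

# Character classes an exhaustive search has to cover (printable ASCII only).
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " "]

def alphabet_size(pw):
    """Number of candidate characters, given the classes that pw uses."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in pw))

def haystack_size(pw):
    """Count of every password up to len(pw) characters over that alphabet."""
    n = alphabet_size(pw)
    return sum(n ** k for k in range(1, len(pw) + 1))

def dictionary_rank(pw, wordlist=COMMON):
    """Guesses needed when each listed word is tried as-is, Capitalized and
    UPPERCASE, in list order. Returns None if the list never produces pw."""
    guesses = 0
    for word in wordlist:
        # dict.fromkeys drops duplicate variants (e.g. for all-digit words).
        for variant in dict.fromkeys((word, word.capitalize(), word.upper())):
            guesses += 1
            if variant == pw:
                return guesses
    return None

def audit(pw, guesses_per_second=1000):  # rate is an assumed value
    """Compare exhaustive-search time with dictionary-first time for pw."""
    rank = dictionary_rank(pw)
    exhaustive_s = haystack_size(pw) / guesses_per_second
    return {
        "haystack": haystack_size(pw),
        "exhaustive_centuries": exhaustive_s / (86400 * 365.25 * 100),
        "dictionary_rank": rank,
        "dictionary_seconds": None if rank is None else rank / guesses_per_second,
    }

if __name__ == "__main__":
    for candidate in ("Password", "12345678", "Teach3r^-^^-^"):  # constructed
        print(candidate, audit(candidate))
```

With these assumptions, “Password” sits in a haystack that takes roughly 17 centuries to search exhaustively, yet the dictionary-first guesser reaches it on its second guess.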

Here are two things that teachers (and everybody else) can do to come up with more secure passwords:

1. Come up with your own personal secret that you add to the end of your password to make it stronger.

Gibson asks the following question on his haystack website:

The first password is easier to remember and stronger. Here’s why:

  1. It has an uppercase character (D)
  2. It has a number (zero 0)
  3. It has a lowercase character (g)
  4. It has a special character (.)
  5. It is one character longer.

In this example, they added a bunch of periods to the end of their password. If everyone started doing that, then attackers could simply start adding dots to their guesses. Security expert Gibson tells us that we just need to invent our own personal padding policy.

  • Come up with a system to add special characters to the beginning, middle, or end of your password.
  • Just add your personal funny face: ^-^ 😉

2. Use a password manager so you can have different complex passwords for different websites

A lot of people use the same password for all of their different websites because it’s easier to remember. The problem is that a lot of large website companies get hacked and information gets dumped onto the internet.

Last year, 77 million Sony PlayStation network accounts were hacked. The information included names, addresses and other personal data, including potentially credit card information. Data was leaked as a torrent so anyone could grab a copy.

Password managers like LastPass are programs that let you create, manage and enter passwords into your web browser. If security experts do it, then it should be good for the little people like us.

You may not be allowed to install programs on your school computer, but online services like LastPass or 1Password have an online website so you can log in and access your passwords.

How secure are your school passwords?
