Strong Passwords Keep K–12 Accounts and Networks Secure
IT leaders generally know that complex, hard-to-guess passwords are a deterrent to bad actors.
Cyberattackers “go after the easy targets first, and those are the people with simple passwords: something with 1-2-3-4 or their last name in it,” says IEEE Fellow Karen Panetta, dean of graduate education at Tufts University School of Engineering and author of Count Girls In, a book about mentoring K–12 girls in STEM fields.
Lately, the thinking on what constitutes a “strong” password has been changing. Twelve characters with upper- and lowercase letters, numbers and special characters? That’s just a mess.
Faced with these over-complex requirements, “I’ve seen people with passwords on sticky notes on their name tags. When you lose your name tags and your passwords, then we have all your information,” McLaughlin says.
The National Institute of Standards and Technology now encourages the use of passphrases, and McLaughlin calls this a great strategy for K–12 users. “‘Drink More Coffee!’ is a password that’s easy to remember and easy to type,” she says.
Software Updates Protect School Technology from Vulnerabilities
Software vendors continually put out updates to patch known vulnerabilities, and it’s crucial that K–12 IT administrators keep up with these changes.
When software makers alert users to a vulnerability, “they’re also notifying the cyberattackers, and the attackers capitalize on the fact that people are not proactive, that they don’t act quickly,” Panetta says.
With bad actors leveraging automated attack tools, outdated software assets present an immediate security risk. When software isn’t up to date, “the cyberattackers can use little robots to go out and find the vulnerable servers and attack them. It doesn’t even require a human anymore,” Mardock adds.