3 Ways for Students to Steal Your Password#Technology
by Erin WerraRead time:
Open sesame. Abracadabra. Please and thank you.
When you’re locking down data, how secure is the password you chose? If it’s anything like the magic words above, have we got news for you.
Your password tricks are not working. Worse, you might be letting security slip and opening yourself up for a student to sneak information to unlock valuable, FERPA-protected data. Learn three ways students may be able to gain access to your passwords.
1) Guess itSome students may possess the skills and software to crack passwords using complex algorithms, but any student can at least run down the list of most common passwords and give them all a shot. Even in this time of supposed heightened security awareness, a shocking number of people still choose ineffective passwords like “password,” “qwerty,” or “1234.” Variations of last names, kid names, and pet names are also easy for any amateur to guess.
Avoid keeping a list of passwords anywhere a student might find it—including a desk drawer or a purse. Some students are willing to cross boundaries in order to get to your credentials. The safest bet is not to write down passwords at all.
Keep your passwords safe from prying eyes as you type them in, too. Even catching a glimpse of part of your password can make it easier to guess the rest—even if you replace letters with numbers, add capitals, and choose special characters.
Pro tip: Try a passphrase instead of a password. Choose four unrelated words in random order. Tough to remember, but tough to guess, too!
2) Log itThere’s a gadget for everything these days—including stealing passwords. Keyloggers are small devices designed to plug into a computer to capture every keystroke. This includes sensitive data such as personal information, credit card numbers, and of course, passwords. Keylogger software also exists and is distributed through malware.
Anyone can purchase keylogger devices online; the hardware is not regulated. They’re easy to slip onto an unattended computer. Most are small, a little larger than a wireless mouse dongle, and go unnoticed by the user. The student can then retrieve the keylogger (and your data) at a later time. Recently, a student at Kansas University used a keylogger to capture professors’ credentials and was later expelled.
Pro tip: Be suspicious of shared computers. If you’ve left your own computer unattended in a classroom, double-check the devices plugged into it before you type in your password.
3) Phish itYou know not to open suspicious-looking emails from strangers, but what about emails from your school’s portal? Earlier in the year, a 16-year-old launched a successful phishing scheme, managing to grab teacher credentials and change his grades by linking phony emails to an undectable mirror image of the school's login portal.
Students are gaining so many useful skills in the computer science field, but sadly some will put them to nefarious uses. No security-focused edtech organization would send an email asking you to log in or provide your credentials. Don’t click on anything suspicious, or you risk sending your personal data directly to a hacker. Forward the email to your IT department with a note, so they can check it out and sound the alarm before anyone else in the district falls for it.
Pro tip: Hover over links to make sure they’re going where they say they’re going, or better yet, stick to your tried-and-true routine of logging in via bookmarked links or known pathways to be sure you’re on the right page.
Your students may be some of the most tech-savvy people on the planet right now. Stay one step ahead by protecting your credentials. When you lose your identity at school, you're not the only one likely to suffer.
Follow-up resource: More cybersecurity refreshersThese videos help you protect top targets. Check out Security Drill: 3 Threats to Watch For.
|Erin Werra Password Protector|