Student Passwords – Live and learn

If you use G Suite or Office 365 with your school – those students must have a password. If you work with high school students it is easy – they can manage their own password. Heck even middle school students can manage their own passwords (most of the time). What if you want to use these services with elementary students? Now there are some questions. I’ll let you know what we have done and what seems to work for us.

Early childhood – Preschool – Kindergarten

OK – this is pretty easy. Of these two, we only give kindergarten an “account.” What we have done is made a general account (one per class) that the teacher and the teacher’s assistant use. The account has no Gmail and only access to drive for certain projects (mostly slides) that they work on. When they do work on projects the teacher usually logs into the computer or iPad and then lets them work. It takes a little time but it ensures no one has the password and the students aren’t working on it at home.

We haven’t had any issues about accounts or kids doing anything bad since they only use Google Drive while being supervised. If something does happen (a document deleted or a student working on the wrong document) it is usually caught quickly and remedied.

Grades 3 – 4

Now onto grades three and four. This is different. Each student has their own account. Gmail is still turned off but they have access to Google Drive and they have their own password that they know unlike grades K–2.

We used a simple combination of numbers and words and we recorded the passwords down into a chart and we kept a copy and the teachers had a copy. That way teachers could remind students what their password is or we could. Also, if a teacher ever suspected a student was up to some tomfoolery she/he could log into the student’s account and check it out first hand if they need be.

Things worked fine for a while and then the students started talking to one another and started figuring out the password conventions. Can you guess what happened next? I bet you can.

Some brave students then started to log in as other students, create documents and use these Google Docs as a kind of messaging board. It had some mean stuff about others but it wasn’t as awful as you might guess. Due to revision history we could see who wrote what and when. Those particular students were spoken to by administration and their parents were informed. Of course the file was deleted.

The fix

After the administration and the teachers sat the whole class down and talked about treating others with respect and how their Google account is not actually theirs but the schools and that they should expect no real privacy with it.

I then disabled the entire class’s Google access and rolled in and explained that impersonating another person in Google is illegal and tell them about the story of a student from my university who hacked into a girl’s email account, sent her cryptic messages (from her own account) and was investigated and arrested (true story).

Now it was time for them to create their own and unique passwords. We stressed that the only people they should is their parents, their teachers and the IT people. DON’T TELL YOUR FRIEND! Since then we haven’t really had any issues outside of a few students who have forgotten their passwords.

Episode 105 – Passwords!

105

Tim, Dave and Patrick discuss ergonomics in classrooms, passwords and Amazon within schools. Check out the talking points below!

As always, subscribe to us on iTunes, follow us on Podomatic or subscribe to us using your favorite podcasting app.

Ergonomics – Students and Teachers
a. Link: http://www.techtimes.com/articles/124981/20160117/stand-up-desks-in-school-may-improve-students-brain-function-study.htm
b. Link: http://www.mdpi.com/1660-4601/13/1/59
c. Link: http://www.nbcnews.com/nightly-news/california-school-children-step-standing-desks-n449496
d. Link: http://www.huffingtonpost.com/entry/standing-desk-sitting-danger-study_us_561e87aee4b050c6c4a3bb7f

The 25 Most Popular Passwords of 2015 by Jamie Condliffe of Gizmodo
a. Link: http://gizmodo.com/the-25-most-popular-passwords-of-2015-were-all-such-id-1753591514
b. Should we teach students about good password practices?
c. How much time and when?

Amazon exec: Our drones will deliver in 30 minutes or less by Katie Collins of CNET

a. Shouldn’t schools buy everything the can through here!
b. Amazon Prime: https://www.amazon.com/dp/B00DBYBNEE?tag=googhydr-20&hvadid=42852692325&hvpos=1t1&hvexid=&hvnetw=g&hvrand=3428621605230220944&hvpone=&hvptwo=&hvqmt=e&hvdev=c&ref=pd_sl_cp4b2ukra_e

You can always download the episode HERE!

[audio http://itbabble.podomatic.com/enclosure/2016-01-21T21_05_17-08_00.mp3]

Changing Passwords: More Than Just a Security Annoyance

44877146

When working in a corporate setting, the IT department will normally set a password expiry date, and on that date, everyone will be prompted to change their passwords. This is seen as a simple straightforward process that does not require any significant tech support.

Unfortunately, in a K-12 academic setting, changing passwords takes planning and needs to be seen not just as a time to update security, but also as a time to look for weakness in the IT organizational structure.

If the teachers and students use school bound Apple Computers, you are going to be in for a fun ride. A ride filed with corrupted keychains and dysfunctional OS X user profiles. Web-based LDAP systems will also need to supported, as they store passwords in the browser. Web-based LDAP, you are thinking, “Oh we don’t have anything like that.” Ever heard of Powerschool, 3SYS, or Moodle? It is very likely some of the technology teachers and students use online, authenticates to the same password that used for logging into the school bound computer.

Let’s start with the OS X keychain. I am not going to explain the Keychain. However, I will include two links that will help make it clear.
http://en.wikipedia.org/wiki/Keychain_(Apple)

http://www.macworld.com/article/2013756/how-to-manage-passwords-with-keychain-access.html

When a password is changed, the Keychain will prompt some users to either make a new Keychain or update the existing one. For about 20% of all users, this will simply not work. Instead it will corrupt the Keychain. Then, every 5-10 seconds, a window will open asking for a Keychain password. Users will try their old password, and the new password, those passwords will not work. Sys admins will try to use their admin password, and that will not work.

You can only fix this issue with the terminal, and here is how you do it.

1. Press command – option – esc and force close everything. If the pop-up window will not close, just move it to the left or right side and leave it alone.

2. Open the Keychain App. Go to Keychain–>Keychain First Aid.  You need to run a repair, but you will need the SYS ADMIN password. The user’s password will work, but it will not really do any repairing.  When done. Close the Keychain.

3. Open the terminal. You will already be in the users home directory.

Type:  cd Library – hit enter
Type: cd Keychain – hit enter
Type: ls  , and you will see a LIST of files/folders.

The one you need to work with will be a string of ALL CAPITAL LETTERS and numbers. It will look somethings like this : CE7B0E5A-CB72-5566-AFE2-9FA95594BF8C
Please be aware, everyone will have a new combination, this is just an example.

In the terminal,
Type:  sudo mv CE7B0E5D-FB72-5566-GFE2-3FA95577BF8C  .oldfile – hit Enter.

You do not have to TYPE the long string. Instead, you can type the first three characters, then hit the TAB key. The terminal will complete the long string for you.

4. Close the terminal and open the Keychain again. Run the Keychain first aid again.

5. Restart, and let the user login. The user’s Keychain and account should now be fine.

6. If you are using a print-server, after you restart, open the Keychain once more. Find the print-server passwords, and delete them for the user. If you do not have a print server, skip this.

Next, a corrupted user profile. If the user can login but:

1. They cannot change their password or are not prompted to change it.
2. They cannot print anymore.
3. They cannot connect to any LDAP services, like Powerschool or Moodle.

Just stop trying to find the problem and re-bind the machine. This happens on Windows OS as well. It only take a few minutes to rebind a machine to the network, there is no need to waste time trouble-shooting if one of the three symptoms exist.

Clearing the browser or LDAP passwords is the final step. The browser will often ask the user to update their password. Unfortunately, most users will stare at that box and ignore it. They will hit enter and lose their one chance to update their password. This means taking steps to inform people have to complete clear all their browser passwords.

Hopefully a policy is in place so users know what browser they should be using for official school work. If not, send instructions for all browsers and hope everyone will take time to read them.

Wow, changing passwords is so much fun. I still haven’t explained all the other things that happen when the community goes through this process. This post is getting long so I will list these gems of knowledge below:

  1. In order to change passwords for a group of people, the sys admin will enable this in the directory management software. This is software used to group people and give them network permissions. If this directory has been badly maintained, that fact will be realized very quickly. If problems in the organizational structure are apparent, then stop the password changing, and fix the problem immediately. Passwords cannot be changed until the organizational structure is fixed.
  2. Users who have computers that have been improperly clone or configured will float to the top like oil on water. There are always people who have been issued computers that were never setup properly; and there are people who have cleverly hacked their security. Unfortunately for these people, password changing day is a bad IT day for them. Take the time and get their systems setup properly.
  3. Users who have been using a weak password will become angry, and they are probably the ones handing passwords out to students. They are the weakest link! Password changing should include an increase in password complexity, or some change in security. Any minor change will infuriate those who have been using their firstname as their password, or the word ‘password’. Anyone who is irate should be counseled and not ignored. They are easy to ignore, but the IT department should realize they have no sense of security, nor do they think there is a need for it. There is a need for security, so make sure these users understand the reasoning behind the policies.
  4. Students who have been sharing user names will also surface in a very nervous and confused manner. I always setup laptops in batches of 25-50, and coordinate students to change passwords. I do this to observe them and to answer their questions. Their are always students who share accounts, and these students will be obvious, one of them will not be able to login. The odds are pretty low that they will be in the same group and exchange the new password in-front of the IT staff. Finding these students and enforcing the school’s acceptable use policy is important.

I personally feel every school should go through this process twice a year. I think it reinforces security and IT standards. It is also a good time for IT to be out of the office and working with the whole community. Unplanned support happens and good information is exchanged in a very short time span.

I recommend having staff attempt to do the changes themselves, but if they need help, schedule a time and place to meet everyone. Do not use email to support this type of activity. Tell participants to meet IT in “xyz space” between the hours of “whenever-and-whenever”. Be on time, with as many IT people as possible. Also make sure network management is available on all IT personnel laptops.

Students should be informed in advance, but, coordinated during their lunch hour(s) or study halls. The process takes less than 2 minutes, and it will provide valuable information. Also, this is a time to connect with students and answer their questions, they always have more questions for IT than most people realize.

Tony DePrato
www.tonydeprato.com

Podcast Episode 55 – I want a Portal gun – February 7, 2013

itbabble_podcast

 

While we are missing Omar and Cara it was still a great episode. I mean check out that agenda below. As always you can find us on iTunes and Podomatic.

  1. iTunes University Workshop
    1. Course Manager
    2. Can only be viewed on an iPad
    3. Modular by design
  2. Portal 2 to teach Physics
    1. Portal 2 website
    2. The official learning with Portals website
    3. A teacher’s blog site
  3. Learning how to play the guitar – online
    1. Year of Rock website & the Instinct website
    2. Better or worse than a real teacher?
    3. Better or worse than GarageBand or online classes?
  4. Passwords and online security
    1. Google 2 step verification
    2. What can students do to protect themselves
    3. Lifehackers 5 best Password managers
    4. Kill the Password: Why a String of Characters Can’t Protect Us Anymore by Mat Honan at Wired
    5. Hackers Outlaw and Angels – Hacker documentary
  5. iOS app of the week – Ticket to Ride
    1. $1.99

Subscribe to us on iTunes HERE!

Subscribe to us on Podomatic HERE!

Listen to this week’s episode below.