Choosing and Using Good Passwords
The information in this series of Web pages is about choosing and using good passwords. It is provided by the Technology Resources Group (TRG) and Distance Learning Center (DLC) at De Anza college. Terms in italics are defined in the glossary section.
You may read through this information in three ways:
A Case for Better Password Choices
Over the last several years, groups of students have unsuccessfully attempted to hack into their instructors’ accounts. When these attempts are discovered, the students are kicked out of those courses. Historically, it is rare that a student who is unsuccessful in guessing a password be subjected to severe punishment.
In Fall of 2009 a small group of students succeeded in correctly guessing an instructor’s password. With this information, they were able to view test data as the instructor before taking each exam, resulting in the students receiving A’s in the class. (NOTE: Had they sold the password or exam data to another student, they would have faced significant jail time upon discovery.)
These students evaded discovery because they were able to guess the instructor’s password on the 2nd try. In addition to using a poor password, the problem was compounded by the instructor’s inattention to activity in his course. It was only later – when one of the students failed to guess another instructor password – that they were caught. These students were expelled from the FHDA district permanently but the district opted not to pursue legal action in this case.
Security is everyone’s responsibility. Your choice of a good or bad password can mean the difference between a student being removed from your class or spending years in jail. In addition, the instructor above was required to go through his course with a fine-tooth comb to ensure no changes were made to any grades, assignments, quizzes, users, links, etc. This was a very time consuming process.
Introduction > Good Passwords vs. Bad Password