Ask Slashdot: How To Keep Students' Passwords Secure?

First time accepted submitter bigal123 writes My son's school is moving more and more online and is even assigning Chromebooks or iPads to students (depending on the grade). In some cases they may have books, but the books stay home and they have user names and passwords to the various text book sites. They also have user names/passwords to several other school resources. Most all the sites are 3rd party. So each child may have many user names (various formats) and passwords. They emphasized how these elementary kids needed to keep their passwords safe and not share them with other kids. However when asked about the kids remembering all the user names and passwords the school said they are going to have the kids write them down in a notebook. This seemed like a very bad practice for a classroom and to/from home situation. Do others have good password management suggestions or suggestions for a single sign-on process (no/minimal cost) for kids in school accessing school provisioned resources?

Re:password manager

[Mr+D+from+63]

If you don't want to use a password manager, create each password with a base word that is not written down, then add characters to each password that are written down. For instance, the base word could be "boxcar". Then, actual passwords might be boxcar357a, just write down the 357a. Or some variation of this approach.

Re:OpenID

[Cenan]

I tend to agree with this. Don't take away all the risks from these kids, they need to learn about the consequences of insecure passwords sometime. So their home page shows up in all pink, or all their notes have been translated to Ancient Egyptian - better now than when the stakes are higher. And they'll learn the lesson much better from personal experience.

What are you afraid of?

[YoungManKlaus]

I mean thats the obvious question ... if all an attacker can do is read some textbooks then I don't give crap about how secure the password is.

Re:What are you afraid of?

[FhnuZoag]

I think you are totally right here. The phrasing of this question as being about 'security' is actually totally off base. From the student's perspective, there is no advantage to security. Only the textbook publishers actually benefit from security - they don't want people who haven't paid for the textbooks to read them.

For the student, what he or she actually cares about is being able to easily access he or her school stuff. The worst case scenario is not someone stealing his or her password, it's not being able to recall his or her password and thus being unable to participate in class. Lastpass etc is overthinking it. Just set the password to something simple and easy to remember, and write it down just in case they forget.

Re:password manager

[MobyDisk]

Thank you, I've been posting this to every password-related Slashdot article for years and never managed to get modded up. My scheme is a slight variation, where the "357a" part is derived from the name of the web site or application you are logging into. Maybe you use the vowels in the web site name and their count: so the password for homework.com might produce "boxcaroeoo4." With this approach, instead of writing down "357a" or "oeoo" you write down "vowels + count" or "standard derivation" or something like that. The benefit is that if you use the same algorithm most of the time you don't have to write anything down.