Correct Horse Battery Staple, revisited

Encourage students to use longer, human-friendly passwords rather than complex alpha-numeric + special character passwords.

Photo of Cameron Johnson
1 5

Written by

The publishing of the attached xkcd comic kicked new life into the debate about password security. Security experts and non-experts have debated the math, the strength, and the purpose of creating passwords. Password generators and keepers, like LastPass and 1Password are ideal, though, I think, unrealistic to expect from all students in a K-12 setting. 

The most likely security danger with school accounts is not an elite hacker running attacks against your Active Directory server. 

The real, day-to-day security risks are the humans. It is a 13-year-old writing her password on a sticky note so she remembers the password she created to meet the school's complex password requirements. It's the person in the business office with the password taped to his monitor because he can't remember if his password had a # or %.

If we can trust in the core math of the argument in the comic, we can leave the debate over entropy to the mathematicians. We know the habits of the students and employees at our schools, so let's focus our efforts on the security threats we see every day and can prevent and update our policies to meet those threats. 

1 comment

Join the conversation:

Photo of Paul Kim

Hi Cameron,

First of all, thanks for participating in this collaboration between the Teachers Guild and ISTE. We really appreciate your contributions!

We’re in the last week of the build phase of the challenge on digital citizenship so it’s time to fine tune your idea before final voting begins next week.

Here are some things to consider as you continue to build on your idea:
- is your idea clear and will it inspire action from other teachers?
- would it be easy for a teacher to incorporate your idea about digital citizenship in their classroom?
- does your idea include some component of research and are there shareable resources?
- is your idea student-centered and does it promote agency?