Protect your passwords

This unit focuses on cybersecurity measures designed to safeguard personally identifiable information (PII) and maintain online privacy on classroom devices.

Effective password use

Creating a strong, unique password that is difficult to crack is a frontline defense for your personally identifiable information (PII) and sensitive data. For example, if you fall for a social engineering trick that reveals your computer username, it only takes 5 minutes for a cybercriminal to figure out a complex, 8-character password like Tx5!rp9? using a computer and artificial intelligence. Although this password is complex and hard to remember, it is still a security vulnerability. You can dramatically reduce the chance of a social engineer figuring out a password by making it longer and more complex.

One way is to choose a phrase, sentence, quote, or lyric that is meaningful to you but unknown to someone else, then change the characters. Follow these steps to create a strong password:

  1. Find a memorable phrase: A fan of the band Bon Jovi might love the song Livin' on a Prayer, which includes the line: Tommy used to work on the docks. This can be the starting point for a password, but it isn’t secure in its current form. Notice that the lyric is long, about 31 characters including spaces.
  2. Remove spaces: Take out the spaces in the phrase. For example: Tommyusedtoworkonthedocks. You can also replace spaces with hyphens (-) or underscores (_) between the words. For example: Tommy_used_to_work_on_the_docks
  3. Add uppercase letter(s): Replace at least one of the characters with an uppercase letter. For example: TommyusedtoworkontheDocks.
  4. Add number(s): An easy way to add numbers to a password is to replace letters with numbers that are visually similar. For example: Tommyu5edtoworkontheDock5. Other potential substitutions include:
    • O/o to 0
    • L/l to 1
    • E/e to 3
    • S/s to 5
  5. Add special character(s): Using a phrase like a lyric makes it easy to add a special character like a punctuation mark or use special characters to replace letters (like the @ sign instead of a). For example: Tommyu5edtoworkontheDock5!

Ensure that your password remains strong and secure by also following these guidelines:

  • Avoid using publicly available information in your passwords like family names, pets, birthdays, and addresses.
  • Never share your password with another person, including colleagues, friends, and even school technology personnel.
  • Use a unique password for every website or application. Try a password manager to save and generate unique passwords.
  • Don't write your password on sticky notes, notebooks, or other places that are easily discovered. Make it memorable or use a password manager.
  • Don't save passwords in browsers that are used by other people. If the device is shared, never allow a browser to remember your credentials.
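The steps and the first guideline above can be checked mechanically. The following Python sketch is an added example, not part of the original unit; the names review, search_space_bits, and classes_used are hypothetical, and the "B3lla_2011!" sample is constructed. The bit count models exhaustive search only, so it is an upper bound that does not account for an attacker guessing a well-known phrase.

```python
import math
import string

# Character classes from steps 3-5, with the pool each one adds to a search.
POOLS = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "special": string.punctuation,
}
# Reverse of the look-alike substitutions listed in steps 4 and 5.
UNSUBSTITUTE = str.maketrans("0135@", "olesa")


def classes_used(password):
    """Return the names of the character classes present in the password."""
    return {name for name, pool in POOLS.items() if any(c in pool for c in password)}


def search_space_bits(password):
    """Exhaustive-search size in bits: length * log2(combined pool size)."""
    pool = sum(len(POOLS[name]) for name in classes_used(password))
    return len(password) * math.log2(pool) if pool else 0.0


def review(password, personal_terms=()):
    """Return a list of findings; an empty list means every check passed."""
    used = classes_used(password)
    findings = []
    if " " in password:
        findings.append("contains spaces (step 2)")
    for cls, label in (("upper", "uppercase letter (step 3)"),
                       ("digit", "number (step 4)"),
                       ("special", "special character (step 5)")):
        if cls not in used:
            findings.append("no " + label)
    # Normalise both sides so a pet name written as "B3lla" is still caught.
    plain = password.lower().translate(UNSUBSTITUTE)
    for term in personal_terms:
        if term and term.lower().translate(UNSUBSTITUTE) in plain:
            findings.append("contains personal information: " + term)
    return findings


if __name__ == "__main__":
    # Passwords from the unit, plus one constructed sample with a pet name.
    for pw in ("Tx5!rp9?", "Tommyu5edtoworkontheDock5!", "B3lla_2011!"):
        print(pw, round(search_space_bits(pw), 1), review(pw, ["Bella", "2011"]))
```

Both passwords from the unit draw on the same four character classes, so the difference in search space comes entirely from length: 8 characters versus 26.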

Password resets

It’s important to change your passwords if you fall victim to a social engineering attack or suspect your credentials (username and password) might be compromised.

Some common password reset options in schools include:

  • Requiring educators to use a different set of credentials for each service that requires an account, each with its own password reset steps.
  • Providing self-service tools that allow educators to reset their password on a designated website that then changes the password for other services.
  • Using a single sign-on service (SSO) that allows educators to use one set of credentials, like a Microsoft 365 account, with one set of steps for changing passwords.

Follow these steps on our support page to reset your password on your Windows device.

Identity authentication

Schools now require more than just a username and password to access computers, networks, databases, and systems. Many use additional identity authentication measures to make it more difficult for a social engineer to use stolen or compromised credentials.

There are two common approaches to confirming identities beyond usernames and passwords. Review these approaches, then use the video to learn more.

  • Two-factor authentication (2FA): This authentication approach uses a phone call, text message, mobile app notification, or one-time password along with a username and password to confirm an identity.
  • Multifactor authentication (MFA): This authentication approach uses more than two methods of authentication to confirm an identity. Sometimes this includes 2FA methods along with a file (token) on your computer, your fingerprint, or a camera with facial recognition.

Next steps

  1. Develop a strong, unique password for at least one website or application that you use often.
  2. Reset your device password. Check with your school's IT department to see if there are preferred ways to reset or change a password.
  3. Enable 2FA on your Microsoft account to better protect your identity from threats aimed at accessing your school files and critical resources. Then learn about additional ways to keep your Microsoft account safe and secure.