Passwords, Accounts and Personally Owned Devices: PWPSD Best practice

Passwords

As a general rule PWPSD IT is not a fan of shared accounts, or groupings of accounts that share a password. In most cases we are not likely to set that up as this sort of setup invites malicious uses, accidental security holes, and sometimes confusion. A password should be unique for each account.

 A PWPSD password must be ‘complex’. That means that it should contain at least 3 of the 4 following types of characters, and be at least 6 characters long (8 or more is better)

  1. Lower case letters (abcde)

  2. Upper case letters (ABCDE)

  3. Numbers (12345)

  4. Symbols, such as (%@$#!)

 Passwords cannot contain any portion of your username or actual name.

 @Work2day would be a good example password. However I do not recommend using that one as your password:). Another good way to make a password is to use a sentence.

 I like ice cream!

 Is a complex password, is easy for you to remember and is enough characters that it would be really difficult to brute force crack. Of course, don’t run around the school yelling ‘I like ice cream!’ or people might catch on!

 Other items of note that are specific to PWPSD:

 You cannot repeat your previous two passwords.

 Passwords expire every 2 years. Best practice would be to change it roughly every 18 months and not get into the situation where it expires on you (or students). Watch out for the two summer months as well. Lots of folks get caught on that.

 NEVER write down your password. It is really important to ensure that you use different passwords for different sites if you cannot use your usual PWPSD ID. Using a good password manager can help you safely protect your accounts while also maintaining your sanity, and using multi factor authentication where you can is an even better way to protect your privacy.

 Please do not share your password with other people. It is not really a good idea to share it with PWPSD IT Staff either. PWPSD IT can and will change your password to something else if they need to be ‘you’, which is often valuable, but do not necessarily need to know your password. If you give it out (or think someone might know it) be sure to change it to something else as soon as it is reasonable. There are times PWPSD IT will still provide you with a password that you are unable to change or that they will need your password as a troubleshooting tool. Following the troubleshooting, you should still change your password. Also in most of these cases you should KNOW the staff asking for the password (our department is not that big). If you do not know the email address/person requesting…talk to a person you do know about it to see if it is legit.  

 

Accounts

 

If the student previously attended a PWPSD school their username and password are the same as it was last year. If they moved schools, the account will be moved, with the password remaining the same. If they did not, then a new account is generated.

 Student accounts are disabled over the summer and re-enabled roughly the first day of school (before if we can pull it off). Staff accounts are deleted once a contract expires, but are only disabled for staff on leave if the principal requests. Some access to groups (like the school staff groups) may be removed if admin or the staff member request as well.

 Student accounts are made automagically with information pulled from Powerschool.  Please note we have added a LOT of information to student accounts to allow google/email/powerschool/etc to function as you folks expect. I am afraid it is still a bad idea for you to create student accounts. Student accounts are now ‘forever’ and so if they are not set up correctly that can have a fairly long term consequence.

 We sync 3 times a day (7 am, 11 am, 2 pm). Any student placed into powerschool will be created automatically during the sync using the information in powerschool (an ASN is mandatory, and is a common area that causes this to fail). A sync can take a while though, if there are lots of changes.

 By default it will use the Legal name from powerschool. There is a setting within powerschool that can be used to ensure the account takes an AKA name. This is done by your front office folks, usually at registration. IF it is checked (or removed) at any time the account is changed on the next sync. If you adjust/update that setting or the students information know that the students account will change shortly and may affect their ability to sign in.

 Taking a hypothetical new student named Darcy Joel Remi Bromling born April 03 2006.

 Username: <first8charactersoflastname><firstinitial><middleinitials> (note plural, if there is more than one we will use characters from all of them)

Email: <first8charactersoflastname><firstinitial><middleinitials>@s.pwpsd.ca

Password:<first3charactersbirthmonthfirstlettercaps><2charactersbirthday><last2charactersbirthyear>

 

So for our hypothetical situation above

bromlingdjr

bromlingdjr@s.pwpsd.ca

Apr0306

Hyphen’s are removed. We use 8 characters from the last name, not including hyphen’s. We use the characters from both names, though in most cases the second name will not be well represented.

 accent/omlaut/etc currently break account creation ‘in most places’. Certainly enough that the account is largely unusable by the student. For those students please set up a preferred name in powerschool that replaces them. We are working on smoothing that out a bit but currently it is a known problem with only a workaround to fix. 

 If there are duplicates (students with the same last name and similar first and middle names) the last one created will have a number appended to the end of it. It starts with 1 and goes up from there.

 

 Personally Owned Devices

 

PWPSD Encourages Staff and students to use the device that they like, in the manner they prefer to use it. However, data security is still SUPREMELY important.

You should always protect your devices with a passcode of some sort. If possible, please ensure you have some method to remotely wipe the device if it is lost or stolen.

 Please know exactly where your data ‘exists’ and who may or may not be able to access it. Do not keep sensitive data on your device, or ‘in the cloud’, and be careful what sort of data you do keep on your device, or ‘in the cloud’. If you will access student data of any sort on your device you must protect the device with a passcode of some sort, and it must be set to auto-lock within a reasonable time frame. Do not keep student information of any sort on any of your devices. Student data should ONLY be on PWPSD Servers.

 If you connect your device to PWPSD’s Email system it is mandatory that you place a PIN on the device (minimum 4 numbers, more is better), and that the device ‘auto locks’ within 10 minutes. Please ensure you are able to remotely wipe the device if possible as well. However, it also becomes possible for PWPSD IT to send a remote wipe command to the phone if the phone is lost or stolen. Please make a ticket within the PWPSD helpdesk system if you lose your device and require PWPSD IT to attempt to wipe it.