Access menu:
Skip to content, access key c
Local navigation, access key l
Schools menu, access key s
Becta menu, access key b
Becta
About Becta
Schools
Local authorities
Government & partners
Industry & developers
FE & skills

FITS

Schools menu:
Leadership
& management
Curriculum
Learning
& teaching
Professional
development
Extending
opportunities
Resources
 Home > Schools sector > FITS

FITS OM: Authentication

Authentication is the mechanism by which the system asks the user, "Is that really you?" If a system has a good logon naming standard, but no authentication, then anyone could log on to the system by using someone else's account, since user IDs might be easy to guess. To make sure that only the true owner of an account can get into the account, the system must therefore enforce some sort of authentication mechanism. This usually makes use of a password or personal identification number (PIN).

The mechanism is almost universal because it has no additional cost for the school and is familiar to the user. However, the security of the computing environment can be weakened if users are allowed to select character combinations for their passwords or PINs that are easy to guess or if they share their passwords with other people.

It is very important for a school that utilises passwords as its only authentication mechanism to establish good password guidelines and to ensure that every user in the school follows the guidelines. A good password that provides a high level of security has the following characteristics.

  • It is at least eight characters long.
  • It is alphanumeric (consisting of both letters and numbers).
  • There are at least two letters, one number, and one special character (such as a punctuation mark or asterisk).
  • It does not use proper names.
  • It uses a mixture of lowercase and uppercase letters, if possible (although some systems are case insensitive).
  • It appears random.
  • It is changed at least every 60 to 90 days
  • It is not reused for at least six months.
  • It is significantly different from previous passwords created by the same user.

It is usually possible to use pass phrases, which are more secure and easy to remember - 'bah bah black sheep', for instance.

There are many software tools available that can 'crack' passwords by checking them against dictionary words, combinations of dictionary words with numbers and so forth. These tools are becoming increasingly sophisticated (for example, including foreign words in the dictionary attacks and employing faster processing times) and increasingly inexpensive.

It is usual practice for the school to set up the initial password for a user, and for the new user to be forced to change that initial password. There are two common approaches to this.

  • Give everyone a standard password such as 'newpassword'. This does initially provide a security flaw, and so it is essential for every new user to change this password immediately
  • Provide a unique password such as a date of birth - 06.07.96. It is not so easy to find someone else's date of birth, so the password is fairly strong, but it does have the downside of demanding additional effort by technical support staff, who have to find this data and enter it into the user's profile.

The school needs to balance security against time for the initial set-up of user account passwords.

The downside of having complex passwords in schools is that students and staff who rarely use computers (students may only have ICT for one hour a week) may forget a 'secure' password and constantly ask technical support staff to change it.

Alternatively, they may write it down to help them remember it, which represents a major security flaw. It is therefore necessary to strike a balance between practicality and security.
Footer menu:
Return to top
© Becta 2008
About this site
Freedom of information
Privacy policy
Feedback