Keeping Our Digital Data Secure

Dan Bateson, Director of Technology

Kingswood Oxford’s information technology team takes the school’s digital security very seriously. Protecting the personal and professional data of our students, teachers and staff members is our top priority. In fact, the school regards teaching students about digital privacy to be an essential part of their education.   

With that in mind, here are some suggestions for ensuring the privacy of online accounts as well as some current trends in the generation and verification of passwords, recent improvements in their ease of use, and a preview of what could soon be a password-free world.

Determining whether your password has been compromised

During the past year, several major corporations and organizations have revealed massive breaches in their security walls, allowing hackers to acquire the private data of millions of people. You can ascertain whether your online accounts have been violated by visiting the website: https://haveibeenpwned.com/for a free password checkup. Simply enter your email address and you’ll learn whether your data has been hacked, and, if so, which data breaches involved your account and when they occurred. If your email account has been compromised, you should immediately change the password.

How to avoid having so many different passwords

For a nominal monthly fee, several online password management programs lock all your passwords in a digital “vault” with only one password or pass phrase needed to access them. These include 1password.com and lastpass.com. These sites also offer features such as password generation, two-factor authentication, and alerts.

Current standards for creating passwords

The National Institute for Standards and Technology has urged the information technology managers at businesses and non-profit organizations to make passwords as user-friendly as possible and to shift the burden of privacy from the user to the verifier. They want to remove the traditional requirements that a password include a capital letter, a number and a symbol and instead suggest using password phrases, such as combining your favorite food with a favorite childhood memory, such as mediumwellhamburgercampjewell!, which are easier for people to remember. They also challenge the conventional wisdom that passwords should be changed every 90 days. As long as you have no reason to believe your password has been breached, they say, there’s no reason to change it.

When generating a new password, check it against one of several online dictionaries of bad password choices; these include names, birthdays, social security numbers and the classically lazy losers: “password,” “1234” and “ABCD.”  

Security experts are also recommending the elimination of knowledge-based authentication, such as the name of your first pet, high school mascot or favorite movie. The problem with such data, they say, is that someone might be able to use social engineering skills to guess your answers.

What’s the future of passwords?

Information technology engineers are continually devising new ways to make the authentication of online identity more secure yet easier for the user. Some of these promising techniques involve biometrics, such as facial and vein-pattern recognition, fingerprints, and scans of the iris of the eye. New types of risk-based or adaptive authenticity can now evaluate your device, your Internet protocol address, and your online behavior to determine whether other methods of authentication should be used. A platform called Trusona now offers a two-factor authentication system that is password-free. Kingswood Oxford continually monitors these new approaches and will adopt those that offer appropriate and effective ways to enhance the school’s digital security.