Even though the coronavirus pandemic is more under control than it previously was, today's classrooms are still digital, and students are migrating to more online services like their Learning Management Systems (LMS) to checking their report cards or financial information. While talking about login password security might sound funny to talk about in a classroom setting for children in Kindergarten, but as technology evolves, it may be better for start young.
Especially now, schools and universities have to prioritize solving cybersecurity issues by implementing new solutions and educating faculty and staff. With online classes becoming more prominent during the pandemic, schools are open to more vulnerabilities. Each student could be a gateway to letting hackers access the institution's confidential information.
However, IT teams need to make sound decisions that not only mitigate the user experience for the faculty, staff, and students, but also make the learning curve for these solutions low so that teachers who may not be tech-savvy can still log in without any problems. Also, the elephant in the room is the cost on completely changing the security infrastructure. Many may think that good solutions with multi-factor authentication, self-service password reset, and single sign-on could be fairly on the expensive end, but that discussion is saved for later.
We interviewed a third-grade teacher in an Ohio school district to get her perspective on the challenges of cybersecurity in the classroom. Her students use Chromebooks on a daily basis for math and English language arts, so most of her curriculum can be supported digitally meaning online assignments and quizzes for her students, and formative assessments and student data for her. She faces cybersecurity in the classroom through cybersecurity issues, lack of computer skills in young students who are used to touch screens, and students who come from low socio-economic backgrounds who do not have the same experiences or opportunities that more affluent families may have. All of this affect the way students develop computer skills and cybersecurity habits.
Unfortunately all things considered, this means the most traditional method of authentication will be the one most commonly used: passwords.
Dependent on the school district or university, the student's login credentials generally follow a specific formula (i.e. 5-digit student ID numbers, a mix of characters from your first, middle, and last name, or a combination of both). From the third-grade teacher in Ohio, she noticed that students in her district picked up on these patterns and were able to hack into each other's student accounts. In her district too, the teachers are generally the ones in charge of holding passwords, and when students forget their password, the teacher has to contact the IT department and get the password reset. It is an annoying long process that should not exist in the first place. Why the teachers hold onto the passwords and not in a more secure environment beats me because when passwords are misplaced, the student's information is at risk.
Remembering should be for lessons, not for passwords. There are work arounds for teachers to keep better track of passwords which can safely secure them more efficiently, but decisions like these are given for the IT team to decide.
Fortunately, IT teams have longed for increased security in K-12 and higher education districts through MFA and password expiration policies which guide institutions in a direction of security and usability. The struggles vary greatly from each institution due to the technology that is being used and the policies that are currently in place. Security can become a hindrance to using technology effectively since it may add steps to a process, or may change the path people take to complete a task.
When making decisions, the conversation about usability and security go hand in hand. One targets keeping data secure while the other focuses on not making it cumbersome to complete daily tasks. Security of information is very important to the new trend of everything being online. Assessing higher education IT security needs, which can vary based on each institution, is the key to developing a successful process for all end users to be secure and have a steady workflow.
One key feature of higher education IT security to access may be mandating MFA:
The ability to increase security should be a process that is slowly implemented into any environment. Allowing users to control the speed in which they adopt will help any new policy become accepted. The process of increasing higher education IT security by adding new policies for passwords and the methods used to login should not happen overnight. Below are some factors to help ease the transition to stricter security for any institution.
Staying up to date with new technological trends and security requirements have become very important in keeping a secure and usable environment for students and staff while also creating a streamlined process for users. This allows for self-service options that reduce help desk calls and a way for end users to feel that they can tailor their experience.
With all the different solutions on the market for security and authentication, finding one that fits your unique environment is the first step. This is followed by pricing and how it will affect your budget. There are primarily two different pricing models to evaluate. The first is the per-user model, which can add up quickly and has the potential to make planning your budget difficult. The second is the fixed server-based pricing model which is easy to plan for. Although the upfront cost for a per-server option may be large it can easily be amortized over time. This option allows it to be built into upcoming budgets with no surprises. Taking advantage of a per-server pricing model can be very beneficial to your institution, it allows the flexibility to add more users and negates the concern of a price increase while also increasing the security for the end users. Allowing institutions to utilize this as a building block increases the infrastructure and back-end environment to benefit all. With current trends, students have a device that this can be leveraged in a multitude of ways to benefit both institutions and end users.
Utilizing a Single Sign-On (SSO) solution that includes Self-Service Password Reset (SSPR) can start a transition to a more digital-friendly environment. An authentication solution that simplifies the access for all end users can lead to multiple money saving opportunities. For example, you can move away from paper textbooks and take advantage of eBooks or move exams from paper to computer-based exams. These not only help end users prepare for the next steps after schooling but can also greatly reduce the cost in the universities other departments. Taking advantage of technology, whether it is software or hardware, creates a dynamic learning environment for students. Taking advantage of a portal, which has the daily needed applications, is just a click away to simplifying access for students and staff.
That being said... PortalGuard is the leading solution for higher education institutions, providing solutions for multi-factor authentication, single sign-on, and self-service password reset. All of these solutions together make it easy for students to access their login, reset their password, or better secure their account without mitigating the user experience and annoying the IT help desk with forgotten or stolen password calls.
Here is more on how PortalGuard may be a fit for your institution that fits your budget while also shaping to be the best option for your students, faculty, and staff that still is highly secure and convenient.