1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
  2. Hi Guest, welcome to the TES Community!

    Connect with like-minded education professionals and have your say on the issues that matter to you.

    Don't forget to look at the how to guide.

    Dismiss Notice

GLOW password change day

Discussion in 'Scotland - education news' started by aypi, Sep 8, 2020.

  1. aypi

    aypi Senior commenter

    Another day another orginisation linked to Scottish education proves it does not know what it is doing.
    SEEMIS, you are even more guilty. Across the land new passwords will be written on postit notes just like half of my SEEMIS one is.

    Here is the official advice on passwords.
    Don't enforce regular password expiry
    Regular password changing harms rather than improves security. Many systems will force users to change their password at regular intervals, typically every 30, 60 or 90 days. This imposes burdens on the user and there are costs associated with recovering accounts.

    Forcing password expiry carries no real benefits because:

    • the user is likely to choose new passwords that are only minor variations of the old
    • stolen passwords are generally exploited immediately
    • resetting the password gives you no information about whether a compromise has occurred
    • an attacker with access to the account will probably also receive the request to reset the password
    • if compromised via insecure storage, the attacker will be able to find the new password in the same place
    from https://www.ncsc.gov.uk/collection/...tect all passwords,further damage can be done.

    PS during my last SEEMIS password reset I got my user name wrong and had access to a biologists SEEMIS for a couple of days. Maybe I still have access to it, but now I cant remember that user name, or the password I set for it.
     
  2. bigjimmy2

    bigjimmy2 Lead commenter

    I feel your pain, aypi!

    I've just renewed my car insurance with a different company and can add that to the list of passwords I need to remember! Awww man!

    Having said that, I wouldn't use somebody else's account for any reason at all.
     
    Marisha likes this.
  3. Marisha

    Marisha Established commenter

    I used to just change the number at the end. Even so, I'd get locked out. Think I was up to 17 by the time I retired.
     
    bigjimmy2 likes this.
  4. inthered

    inthered Occasional commenter

    After about 6 it lets you revert to the first one. The trick is in remembering which blasted number you’re on. I guess if you were organised it could go by month...? I’m just a bit too scattered for that though.
     
    bigjimmy2 likes this.
  5. p4girl

    p4girl New commenter

    I have tried to change my password around 40 times today... without success. The button to ‘change password’ just doesn’t work. Most of the staff in school have same problem. They make you need the system, then deny you entry! Need into my email, need onto blog... It’s only Tuesday and I could run away!
     
    bigjimmy2 likes this.
  6. Stiltskin

    Stiltskin Star commenter

    Use a password manager like lastpass or Google Chrome's inbuilt one. Or for general logins (not your email) you can create a strong stem of three random words of at least five characters and then add something onto that for each website that you need to remember (e.g first two and last two letters of the company name). e.g. for here MouseCactusPianoTEES which would have a 93 bit entropy and is not going to be brute forced.

    That is wise, as accessing someone else's account without their permission is illegal (max 2 year imprisonment and £5000 fine).
     
    bigjimmy2 likes this.
  7. inthered

    inthered Occasional commenter

    It wouldn’t let me do it either until I changed it to a totally different password. I had tried just changing a number and a symbol but no cigar. Honestly, it’s not NASA. They can have all my worksheets and marking if they want.
     
    bigjimmy2 likes this.
  8. bigjimmy2

    bigjimmy2 Lead commenter

    It seems everybody has their own system.

    Wrt work passwords, I don't care if the password is deemed to be strong, as long as it meets the requirements. If someone cracks it then fine, no loss to me personally. Just don't keep personal stuff on your work accounts anyway - if you do your employer has every right to read it remember!

    A system I've used in the past is to text myself my latest password. If you use a number system then you should never be too far from the correct password! You can delete the text after you're used to the "new" password.

    I'm not too keen on password managers myself, just seems an additional complication, sorry.
     
  9. p4girl

    p4girl New commenter

    Thank you! Completely random password entered, and it worked! Quite sad that I’m this happy about getting into my work emails...!
     
    bigjimmy2 and inthered like this.
  10. inthered

    inthered Occasional commenter

    This is why I’m resisting management attempts to move everything from the school server onto Glow. I just can’t be ar**d with its crashes, freezes and changes of password. At least if it’s on the server I can access it on a daily basis.
     
    bigjimmy2 likes this.
  11. aleaiactaest

    aleaiactaest New commenter

    Be thankful you're not in Glasgow where it looks like we're losing our desktop PCs sooner rather than later... So everything will need to go on Glow.
     
    sicilypat and bigjimmy2 like this.
  12. aypi

    aypi Senior commenter

    Are you going over to laptops?
     
  13. aleaiactaest

    aleaiactaest New commenter

    iPads. Already have them as a supplement to the desktops, but soon the desktops will go away.
     
  14. bigjimmy2

    bigjimmy2 Lead commenter

    And the Glow Monster takes over!
     
  15. aypi

    aypi Senior commenter

    I thought going to laptops was bad, but going to expensive tiny screens? How many words a minute can you type on a Jobbie machine? How much longer to create resources? The idiot in charge of this needs to be shouted down. Barking mad incompetence.
     
  16. aypi

    aypi Senior commenter

    Yeah, we can type jobbie.
     
    bigjimmy2 likes this.
  17. bigjimmy2

    bigjimmy2 Lead commenter

    You can take the iPads home you know!
    And buy your own apps for it.
    And use your own wifi to connect to ra internet.
    And so you can work even more from home! Even whilst doing a jobby!
     
  18. bigjimmy2

    bigjimmy2 Lead commenter

    Forgot to mention that Glasgow weans will be getting them soon too!
     
  19. grayst

    grayst Occasional commenter

    And, er, how are you going to manage to create and edit any sort of complex document / spreadsheet / presentation on an IPad?

    Are they paying for external mice / keyboards / screens?

    What about all the numerous resources which simply do NOT run on Apple hardware?

    Madness.
     
    sicilypat and bigjimmy2 like this.
  20. moscowbore

    moscowbore Star commenter

    This was my issue with technology in schools in Scotland. The people in charge had no clue what they were doing. People who did not know how to switch on a pc were making decisions worth millions on technology purchases.
    I tried to explain at a council meeting that just giving every pupil a chrome book was going to create a problem as all schools would then need to upgrade their networks, which were 20 years old. Like showing a card trick to a horse.
     
    bigjimmy2 likes this.

Share This Page