Passphrase Recommendations

In the interest of protecting our users' data security, HMH encourages the use of “passphrases” instead of passwords.

Use of passwords can compromise user data in many ways, especially by authentication-attacking systems or by classmates, neighbors, parents, siblings, or members of any community. Some of these potential security risks are detailed as follows:

      Authentication-attacking systems can figure out a password in less than one day if you use the most common password combinations, which include names of children, team names, dictionary words, letters, numbers, and symbols. Authentication-attacking systems can also figure out common characters that are used to replace values within passwords.

      Formula-based passwords are also problematic. Current or past users such as classmates, siblings, parents, or neighbors can easily catch on to a formula-based passwords using educated guessing or scripting to get into a user’s account. Common formulas such as numbers and birthdays can be easily cracked; for example, numbers can be subject to incremental guessing, and date-of-birth can be determined by birthday invites.

      When passwords are assigned to an entire class or organization using the same password or password formula for all users, it opens the possibility that other students, parents, or even outside districts could gain access to other users' data simply by choosing the incorrect org selection. For example, if you assign a password of "P@ssword1" for one user, that user may attempt to use that password to get into other users' accounts by guessing other account's usernames.

Important: It is often NOT the student data that these authentication-attacking systems and hackers are usually trying to obtain. There is a common misperception that some have, such as “Why would anyone want to steal student data?” or “I don’t care if they get assignment scores.” The fact is that they are often seeking student names in order to guess the parent's password for financial institutions, credit cards, and so on, or the access is used to bully another student or to wreak havoc within the software for those students and organizations.

Examples:

The password “J0rdan17” can be decrypted in less than one day by modern attack solutions. However, a passphrase like “MySonsNameIsJ0rdan17” takes up to 500 years to automate an attack.

The longer the passphrase, the more secure it is. Using passphrases not only improves security, it is still easy to remember in most cases.

Passphrase Recommended Examples

Instead of this password . . .

Use this passphrase . . .

Packers1991

IloveTheGreenBayPackers1991!

Tiger

MySchoolMascotIsTheTigers

Cubs@1234

My#1TeamIsTheCubs

James1

MyNameIsJames

 

We teach our students the core foundation of reading, writing, math, and other subjects. We should also be teaching them to protect their own digital identities so they understand the importance of identity protection for themselves and their families. It is for these reasons that HMH strongly recommends you put in place passphrases for users of all role types and grade levels.