3 Ways for Students to Steal Your Password

Image Source: https://commons.wikimedia.org/wiki/File:Steal_password.jpg

Open sesame. Abracadabra.

When you’re locking down your data, how secure is the password you chose? If it’s anything like the magic words above, have we got news for you. Your password tricks are not working. Worse, you might be letting security slip and opening yourself up for a student to sneak information to unlock valuable, FERPA-protected data.

Are your passwords secure? Learn three ways students may be able to gain access to your passwords.

Guess it

Some students may possess the skills and software to crack passwords using complex algorithms, but any student can memorize a password they see you use or write down. It’s also easier for people to guess your password if you make the mistake of using the same password for multiple accounts.

Avoid keeping a list of passwords anywhere a student might find it—including a desk drawer or a purse.  Some students are willing to cross boundaries in order to get to your credentials. The safest bet is not to write passwords down at all.

Keep your passwords safe from prying eyes as you type them in, too. Even catching a glimpse of part of your password can make it easier to guess the rest—even if you replace letters with numbers, add capitals, and choose special characters. However, a shocking number of people still choose ineffective passwords like “password,” “qwerty,” or “1234.”

Pro tip: Try a passphrase. Choose four unrelated words in random order. Tough to remember, but tough to guess, too!

Log it

There’s a gadget for everything these days—including stealing passwords. Keyloggers are small devices designed to plug into a computer to capture every keystroke. This includes sensitive data such as personal information, credit card numbers, and of course, passwords. Keylogger software also exists and is distributed through malware.

Anyone can purchase keylogger devices online; the hardware is not regulated. They’re easy to slip onto an unattended computer. Most are small, a little larger than a wireless mouse dongle, and go unnoticed by the user. The student can then retrieve the keylogger (and your data) at a later time. Recently, a student at Kansas University used a keylogger to capture professors’ credentials and was later expelled.

Pro tip: Be suspicious of shared computers. If you’ve left your own computer unattended in a classroom, double-check the devices plugged into it before you type in your password.

Phish it

You know not to open suspicious-looking emails from strangers, but what about emails from your school’s portal? Earlier in the year, a 16-year-old launched a successful phishing scheme and managed to grab teacher credentials to change his grades—by designing his phony emails to mimic the design of the school portal.

Students are gaining so many useful skills in the computer science field, but sadly some will put them to nefarious uses. No security-focused edtech organization would send an email asking you to login or provide your credentials. Don’t click on anything that seems suspicious, or you risk sending your personal data directly to a hacker.

Pro tip: Hover over links to make sure they’re going where they say they’re going, or better yet, stick to your tried-and-true routine to be sure you’re logging in safely.

Your students may be some of the most tech-savvy people on the planet right now. Stay one step ahead by protecting your credentials. By doing so, you’re also protecting precious data and staying FERPA compliant.

If you are interested in more cybersecurity refreshers, check out Security Drill: 3 Threats to Watch For.