How to manage passwords

We at Horizons take security seriously and advise those who share our concern to follow our password policy where possible. There are links and explanations below for those who wish to do further reading on the subject.

What suggestions do you have for a secure password?

  • Consider using a system like LastPass or 1Password, which generates ultra-secure passwords for you and remembers them for you too.
  • Consider using a handful of passwords for different types of site. For those that need to be ultra-secure (like internet banking, or Horizons) use a password you don’t use elsewhere – so that if your subscription to another website gets compromised the hacker does not immediately have access to more important things.

Why do you not automatically reset passwords?

This policy can often backfire because:

  • If passwords change frequently, users will be forced to write passwords down in order to remember them.
  • It is hard to come up with ‘good’ passwords that are also easy to remember. If people are required to come up with many passwords because they have to change them often, they will gradually end up using weaker iterations of the same password.
  • System-generated random passwords are so utterly forgettable that a user will have to write them down, rendering them immediately insecure.
  • If software can prevent a user from repeating a recent password, it must be keeping a database of everyone’s recent passwords (instead of having the old ones erased from memory). Further to that, users may change their password repeatedly within a few minutes, and then change back to the one they really want to use, circumventing the password change policy altogether.

If your school policy requires password resets, there is a button for this in Admin > Staff; however, for the above listed reasons we advise against doing this regularly.

Other ways of being security conscious

  • The easiest way to get into somebody else’s computer is to wait until they have left the room and sit at their desk! Consider locking your computer when you leave the room. A simple way to do this is by holding the “Windows” button and pressing the “L” key.
  • It is worth repeating – do not write your passwords down.

Further reading on passwords and security:

Here is a short comic strip which sums up passwords in this day and age!

Horizons password policy 

  • Avoid obvious passwords such as teacher1, password, etc. Our system will reject the really obvious ones automatically.
  • Do not write your password down. A password which is written down is immediately insecure.
  • Consider a password with 3 random words combined – like horserulerfanfare – or a phrase – like DoctorKingsleyismyfavourite.
  • NEVER give out your password over the phone. Our support team cannot see your password, and therefore WILL NOT ask for it.
  • Do not share your account with other users. Your school ADMIN user can create as many user accounts as your school needs.
  • Horizons support cannot reset your password. Your email address is your username; you can only change your password by having a valid email address and using the forgotten password link on the login page. If you cannot access your email account, please contact your school’s Horizons admin person, who will be able to advise you on how to proceed.
  • Users can now reset their password from the login screen, by clicking on the Forgotten your password? link and entering their username. They will be sent an email with a link to change their password. 
  • Staff who have left the school can pose a possible security risk. Archive the user immediately; this will set their access level to None.
  • Never write your password down – yes, this is the second time it appears in this list, but it bears repeating – also, do not save your passwords in a text file on your desktop named “Passwords”.