PASSWORD SECURITY AND RESETTING YOUR PASSWORD
Passwords at PLC Armidale
Every user at PLC Armidale (staff, student and parent) has an account protected by a password at a minimum. The password, along with a username and email address, is issued at the start of the employment of a staff member. These credentials are used across all PLC platforms, including but not limited to computers and online services.
Your email address and username will generally remain the same during the period of your employment. As a security precaution, passwords are set to expire 90 days after being set (roughly once every term). Using this password expiry in combination with a requirement for a complex password and multifactor authentication helps to protect the College against data breaches that may occur from a leaked or hacked password.
Systems are accessed using Single Sign On (SSO) or Same Sign On. Single Sign On is used across a large number of the College's online platforms (Edumate, Google, Canvas among many others) and requires the user to sign in a single time to access these platforms. Same Sign On is used for some discrete internal platforms and requires a separate sign in action using the same credentials. These credentials are also used to access College computers.
What is a complex password?
A complex password generally includes a combination of lower case and upper case characters along with numbers and/or symbols. 8 characters is a good start but longer passwords are harder to crack. A good password will be easy to remember but hard to guess, for example:
mycatispoppy is not a complex password and would be easy to guess if you own a cat named Poppy.
Myc@tisP0ppy is a complex password through use of substitution; however, it would still be easy to guess for a determined hacker.
P0ppyluvsTHEsUn is a complex password that is easy to remember and hard to guess with the misspelling in the middle and the randomised capitalisation.
Remember you may need to type the password in. While a 20 character password is ideal, entering it every time you need to access your computer will become quite frustrating. Similar thought should be given to a password that is too complex, as this may lead to errors and potential lockouts.
What is good password practice?
Some users would use a sequence of passwords such as P0ppyluvsTHEsUn1, P0ppyluvsTHEsUn2, P0ppyluvsTHEsUn3 and so on. This is strongly discouraged: if the key part of the password is found with a number, a determined hacker would then try the increments to gain access to your account.
Sequences of characters are also discouraged as these are quick guesses used by hackers (for example, abcdefgh or qwertyuiop).
Ask yourself, if someone were to gain access to an account, how many other systems could they potentially gain access to and how much data would they get? If that data is important it should have its own unique password. At a minimum it is advised to use a different password for critical personal systems such as banking and health. Use a different password for your email account/accounts (but don't use the same password on all accounts). Have a throw away password for non-critical sites if you need it.
Sign in to Google seems like an easy way to access systems but be careful. This process uses your Google sign in token to gain access to other systems. Should someone gain access to this token through a fraudulent website they will have access to your Google account and can use that access to search for other information about you.
Use a password manager. Save passwords into Chrome or into a secure location on your computer (a document on your desktop is not secure!). Passwords saved in Chrome will copy between different devices you are signed in to, providing a simple backup of your data.
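The complexity and sequence guidance above can be checked automatically when a password is changed. The following is an added example, not code used by the College; the 8-character minimum, the run length of 4, the sequence list and all function names are assumptions made for illustration.

```python
import re

# Sequence sources (constructed for this example): alphabet, digits, QWERTY rows.
SEQUENCES = ("abcdefghijklmnopqrstuvwxyz", "0123456789",
             "qwertyuiop", "asdfghjkl", "zxcvbnm")

def has_sequence(password, run=4):
    """True if `run` consecutive characters of a known sequence appear,
    forwards or backwards (abcd, 4321, qwer)."""
    lowered = password.lower()
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):
            if any(s[i:i + run] in lowered for i in range(len(s) - run + 1)):
                return True
    return False

def stem(password):
    """Password with any trailing digits removed, lower-cased."""
    return re.sub(r"\d+$", "", password).lower()

def is_increment_of(new, current):
    """True if the two passwords share a stem and differ at most in the
    trailing number (P0ppyluvsTHEsUn1 -> P0ppyluvsTHEsUn2)."""
    return bool(stem(new)) and stem(new) == stem(current)

def check_password(new, current=None):
    """Return the list of rules `new` breaks. `current` is the password the
    user typed into the change form (assumption: nothing is stored in clear)."""
    problems = []
    if len(new) < 8:
        problems.append("shorter than 8 characters")
    if not (re.search(r"[a-z]", new) and re.search(r"[A-Z]", new)):
        problems.append("needs lower and upper case letters")
    if not re.search(r"[^A-Za-z]", new):
        problems.append("needs a number or symbol")
    if has_sequence(new):
        problems.append("contains a character sequence")
    if current is not None and is_increment_of(new, current):
        problems.append("only changes the trailing number")
    return problems

if __name__ == "__main__":
    for pw in ("mycatispoppy", "qwertyuiop", "P0ppyluvsTHEsUn"):
        print(pw, check_password(pw))
    print(check_password("P0ppyluvsTHEsUn2", current="P0ppyluvsTHEsUn1"))
```

Myc@tisP0ppy passes every rule here, which illustrates the point made above: a password can meet the complexity requirement and still be easy to guess.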