So, here's what not to do...

-
I wasn't shocked when I found out I have 168 reused passwords upon looking at my Google account's password checkup. I simply do not have the capacity to remember different passwords, and sure Google can save my passwords, but really, I can't even trust Google anymore as seen with my last blog post. So, I just silently resign and reuse my passwords to make my life easier. However, I was shocked to find out only one of my accounts was compromised while checking if I have been pwned and it was an account I barely use. My Canva account was found in the May 2019 breach, but I'm surprised that I've only been involved in one breach considering how little I have paid attention to online security. If I haven't paid much attention to my online security, I can only imagine how much my own students pay attention to theirs.

Image Source: Twitter, @Maechez1

J Sterling Morton District 201, has policies when it comes to the acceptable use of technology. There are two sections in their Student and Parent Handbook related to electronic use. On page 45, the Student Code of Conduct, Section 5 states that students are prohibited from "using an electronic device that disrupts the educational environment or violates the rights of others, including using the device to take photographs in locker rooms or bathrooms, cheat, or otherwise violate student conduct rules." Students are only allowed to use "approved electronic devices" in the "cafeteria and supervisory periods, in the classroom for educational purposes with teacher permission, and in hallways during passing periods." In Appendix D on page 65, the Computer Use Policy refers to a computer lab where students agree to only use the lab for educational purposes. There is also an Internet Acceptable Use Policy for both students and staff who are not allowed to use the internet for "illegal or unethical activity, degrading or disrupting equipment, posting anonymous messages, or downloading, storing, or printing profane files/messages."

Image Source: elie.net

I'm disappointed in what the district mentions as acceptable technology use. Most of it is focused on when it is or is not acceptable to use technology. There is little mention of how our students should navigate online. A glaring omission in these policies is the lack of mention of how the district is 1:1, meaning every student in the district is provided with a personal laptop. There is some guidance for our students and staff to follow while using district-owned technology and/or while using district Wi-Fi. Since most of what is published related to technology use is related to compliance within the school building, there's little mention of what is allowed while using these sites or how students should navigate while online besides a few rules. Since the devices and Wi-Fi both staff and students access are district-owned, I was expecting more detailed guides on things including how to prevent phishing or steps to have a secure Microsoft account. Vague rules can lead to questionable online behavior from our students, especially since there is no space to discuss appropriate behavior including safety and security.

There is room in these policies to address expectations while being online for our students. Instead of addressing situations after they happen, what can we do as a district to address them prior?  How do we move past a reactionary response to a preventative response? How can we model appropriate behavior for all students and staff instead of waiting until there is inappropriate online behavior to do so? It can be very easy to place the blame solely on the student when they post or act poorly online -- "they should've known better," or "they know right from wrong at their age." I think it can equally true that we should also be explicit in modeling appropriate behavior for our students, especially when it comes to safety and security, especially if we are providing them with a laptop that’s used for both academic and personal use. I could only imagine how beneficial it would be for our students to have a workshop or have instructional videos on having proper security measures for accounts and what it means to be responsible online beyond sending the occasional email.

Comments

  1. Miss Kaitlin O'HernMarch 31, 2021 at 6:16 AM

    Very interesting blog post! I am sure you were shocked to find out you had 168 reused passwords. I also tend to use the same or very similar passwords to make my life easier, but I may have to rethink that to ensure better security.

    In the next section, you wrote about your district's appropriate use policies. I can completely understand where your disappointment came from with not having more clear policies or guidelines on how students should behave online. When I was looking into the same topic, I found that my district was very similar in that way. There were very clear rules on when students are able to use their phone and other technology devices, but not any guidance or rules on how. Especially this year where many schools are relying more on technology than ever before, it is so important that students learn appropriate ways to interact online. Education is changing and technology is going to be implemented more and more in the coming years. There are many positives to the use of technology but, like you wrote, "Instead of addressing situations after they happen, what can we do as a district to address them prior?". That is the truth! It will take time to discuss the policies and expectations in the beginning of the year, or whenever it is introduced, but will in result take up less time as there will be less situations that need consequences/need to be addressed.

    ReplyDelete
    Replies
    1. Brenda LopezApril 4, 2021 at 1:10 PM

      Hi Kaitlin! I remember reading your post and finding the similarities between the AUPs of our districts. It's so unfortunate that our districts are not as proactive as we'd like them to be. They both seem very reactive. I definitely agree with setting up expectations at the beginning of the year. It sets students up for success and the expectations for the rest of the year, saving time and having everyone on the same page.

      Delete
  2. NMZumpanoMarch 31, 2021 at 10:02 AM

    Such a valid point about how as adults we may not focus on privacy so it's not surprising that our students don't, either. Your reflection about the district AUP was outstanding, Brenda. Thanks for sharing your ideas about how to improve this important document.

    ReplyDelete
    Replies
    1. Brenda LopezApril 4, 2021 at 1:12 PM

      Thank you Nicole! This week was an eyeopener, both for myself and understanding how we value privacy.

      Delete
  3. Alyssa FullerMarch 31, 2021 at 10:54 AM

    Brenda,

    Keeping track of different passwords would be way too hard for me as well! I think about keeping a list of my passwords on paper but worry I would lose it. I have also thought about keeping a list on my phone but I also do not trust that. I have been on the same boat where I just resign to using the same one. I had the same thought about the fact that there was no mention of the school being 1:1. I would assume any school that students are 1:1 would have a much more detailed AUP. In my experience as a student at a school where all of us had laptops, I am sure faculty thought students would know the rules for obvious reasons. However, I am sure I had a lot to learn back then. It should not be assumed that students already know how to use technology safely.

    ReplyDelete
    Replies
    1. Brenda LopezApril 4, 2021 at 1:38 PM

      Oh gosh, I've tried that method too of writing all of my passwords down, but same thing. It's never worked. I've always lost the papers. I agree though -- if we are 1:1, our AUP should be much more in detail about how to navigate the internet and use their devices. You're right, we can't just assume that high school students know how to do all of this when they are handed the laptop. It takes work for them to know this and I think it begins with the expectations they receive from school.

      Delete
  4. Sylvia GacekApril 1, 2021 at 10:39 AM

    Brenda,
    That is a whole lot of passwords being reused! I was relatively surprised with my results. I think trying to use different passwords for different accounts can get challenging. I have around 3 solid passwords I use and I keep forgetting which passwords I use for which accounts... I also am going to tread lightly about trusting the whole "save password" option. After reading through the last couple of weeks, I feel we have to be super careful with our information. I think it's time for the classic "password diary" to come back. I'd be okay with handwriting all my account info if it means less breaches and hackers.
    I think our district's AUP is pretty sparse as well, as they are missing so many points students should really now about being online. I wonder if it will change at all, especially after this year's remote learning. I think teachers should be part of the process! I enjoy your idea of having guidance and videos to share with students before the year starts to show proper behavior and safety. Great post!

    ReplyDelete
    Replies
    1. Brenda LopezApril 4, 2021 at 1:58 PM

      I hear you Sylvia! I'm definitely much more cautious about how much I trust features like saving my passwords or anything where I am handing over my information to a website. I think its because I have so many accounts that I use for either a free trial or out of curiosity that leads to me have this many. I think having a good 3 passwords that you can reuse that are strong are okay. Obviously we should all have different passwords for different sites, but we're human and don't have the ability to remember everything unless we have some place to write them all down for safe keeping like you mentioned.

      Delete

Post a Comment