Wednesday, December 14, 2011

Online Gradebook Security Update

Parents, students and other users with HJUHSD Online Gradebook accounts will be required to change passwords on your next login as part of a system security update.

The Online Gradebook (ABI) will prompt you to enter your OLD password and then enter your NEW password twice, to make the change.

If your OLD password comes up automatically in the "Old Password" field, please highlight and delete that password and re-enter the old password manually.

If you have trouble changing your password, please email your school Testing Secretary (see contact information below) with: Your name, your student's name and your school name, explaining your problem.

We apologize for any inconvenience and appreciate your cooperation.

Testing Secretaries:


Do NOT write down your password in an unsecure location (i.e.: in a desk drawer, in your wallet or in an unsecure file on your computer) … even better, don’t write it down at all.
    • If you have to write SOMETHING down to help you remember your password, instead write down an obscure HINT that will remind YOU of your password, but NOT mean anything to someone else.
    •  OR use a secure password management program, such as Roboform or ewallet 
  • DO create a strong password
    • Use lowercase AND uppercase letters
    • Use more than 8 characters 
    • Use your whole keyboard – combinations of letters, numbers, punctuation and other and special characters make for a stronger password.
    • BUT, for an even stronger password, try not to use “common” letter-to-symbol conversions, such as “E” to “3” or “S’ to $” or “to” to “2” 
  • Do NOT use the same password for everything: You might not mind so much if someone steals the password to your streaming music site … but if that is also the password to your online banking account, you’ll be much more concerned. 
  • DO change your passwords often: Microsoft recommends every 3 months. 
  • DO use a “passphrase”. METHOD #1: 
    • Start with a "random" sentence that you will remember:
      • Complex passwords are safer.
    •  Remove spaces between the words
      •  complexpasswordsaresafer
    • Randomly capitalize a few letters
      •  complexpaSSwordSareSafer
    • Replace at least one letter with a number or symbol.
      •  c0mple&paSSwordS@reSafer
  • DO use a “passphrase”. METHOD #2: 
    • Think of a sentence at least 8 words long that is unusual, yet easy for YOU to remember
      • My Dalmatian, Charlie, loves rawhide bones and long naps
    • Shorten it the first letter of every word in that sentence
      • mdclrbaln
    • capitalize at least one letter
      • mdClrbalN
    • change at least one letter to a number or special character
      • mdClrb@lN


Excerpted from How I'd Hack Your Weak Passwords

Pay particular attention to the difference between using only lowercase characters and using all possible characters (uppercase, lowercase, and special characters – like @#$%^&*). Adding just one capital letter and one asterisk would change the processing time for an 8 character password from 2.4 days to 2.1 centuries.

Password Length All Characters Only Lowercase
3 characters
4 characters
5 characters
6 characters
7 characters
8 characters
9 characters
10 characters
11 characters
12 characters
13 characters
14 characters
0.86 seconds
1.36 minutes
2.15 hours
8.51 days
2.21 years
2.10 centuries
20 millennia
1,899 millennia
180,365 millennia
17,184,705 millennia
1,627,797,068 millennia
154,640,721,434 millennia
0.02 seconds
.046 seconds
11.9 seconds
5.15 minutes
2.23 hours
2.42 days
2.07 months
4.48 years
1.16 centuries
3.03 millennia
78.7 millennia
2,046 millennia

 Remember, these are just for an average computer, and these assume you aren’t using any word in the dictionary. If Google put their computer to work on it they’d finish about 1,000 times faster.