I teach on the Foundation Degree in IT Security.  As you can imagine, a lot of my time is spent researching and looking into issues relating to IT security.  As a result of teaching on this course, I have reassessed my own use of passwords, and most of them are now unique in a format that only I would remember (I hope!).
Today I have tried to register for online access to a banking institution.  I was sent a secure password, in a separate letter to my account number.  The secure password was hidden by a peel off sticker, so that it couldn't be read through the envelope.  Next to the sticker, the letter said 'if you think anyone else has tried to remove the strip, please call us straight away'.  Clearly this organisation takes security very seriously.  All good so far.
I log onto the website using a variety of personal information and my new account number.  I'm asked for several characters from the sticky strip, and then I'm taken straight to a screen to change my password.  Here's where things begin to go downhill.
I try my usual method of creating a unique password, using an algorithm I've invented which can work with any website, but the resulting password is too long.  I can see that I can only use 8 characters for this password - that seems a little short.
I try a shortened version of the algorithm, now I'm told that I need to have a capital letter - that would normally come later in my method, so I have to do a rethink.
I try again, this time, putting my capital letter earlier in the algorithm, but now I get a message saying I need a special character.  No problem, I put a special character in, but the one I have chosen is not allowed.  Rethink again.
After all this messing about, my next attempt says that the confirmation password doesn't match.  I'm not surprised - I've got myself in a complete knot by this stage.
I retype both the password and confirmation, but this time i'm told that the minimum number of numeric characters hasn't been met.  Ok, I'm getting fed up now.  I take a breather to gather my thoughts.
A few minutes later I give it another shot, but now I've been timed out and have to start the whole process again.  Finally, I pick a short, random jumble of characters and I'm allowed in.
I'm then required to submit answers to 5 (yes, 5!) security questions digging into my deep and distant past - Mother's middle name, Grandfather's job, first house, first car etc etc, and then I'm asked for 3 phone numbers that they can contact me on.
Finally, I feel I'm getting somewhere, and I'm asked to choose a picture and a welcome phrase so I know when I've logged in that it really is the site I intended to be on, and not a spoof website.  This part I like, and I've not seen before in this format, it would certainly be reassuring if I clicked on a link from an email to check my account (something I would never normally do, by the way!).
This example begs the question:  has security gone too far, or is this how it should be in the age of cyber-crime?  In addition, why didn't the website give me some examples of what was required in the password?  It wasn't until after I'd sorted it out that I realised such guidance was on the letter I received in the post.  One thing's for sure, I feel fairly confident that no-one will ever break into my account, probably not even me, I doubt I'll ever be able to remember all those details again!!
Endnote:  The precise details of what the website required have been changed in the interest of security ;)
A blog about teaching and technology by Clare Johnson, IT lecturer and Teaching & Learning Mentor at Coleg Gwent. All views represented are my own.
Monday, 23 September 2013
Tuesday, 10 September 2013
Another new year - here's to evaluation
It's the start of a new academic year.  I've been allocated several courses that I haven't run for a year or more - Web Design Level 3, and Photoshop Level 2.  I've also got a new Photoshop Level 3 course starting, along with all my foundation degree stuff as usual.
I've dug out my old files for the first two courses. Firstly, I'm pleased that the folders are pretty much in order - Scheme of Work and student record at the front, and a poly pocket for each lesson, complete with lesson plan, handouts and if it's something a bit tricky, my own tutor notes to refer to. This means all I've got to do is skim over the lesson plan, check I still feel comfortable with delivering what's on it, and perhaps spend 20 minutes or so refreshing my memory on the tools and tips I want to include.
What's really been useful though is the evaluation I added at the end of some of these lesson plans. For example, in Web Design Level 3 I've got a partner activity for the first lesson, where the learners will pair up, find out some information about each other, and then create a simple website on that person as a refresher in Dreamweaver. As part of the process, the learners must show each other something from their mobile phone - a ring tone, photo, or text for example, that tells their partner something about themselves. I read through the activity sheet and thought 'hmmm, I wonder if that will work...'. Then I noticed that on my evaluation for that session I put 'Worked really well in one centre - mobile phone task was great fun; was concerned about using it in the other centre but actually very successful'.
It reminds me how useful evaluation can be - it's not just a tick box exercise for the inspectors - it really does help us as tutors when we come to delivering the session again. I must now make an effort to continue recording this information for my future classes.
I've dug out my old files for the first two courses. Firstly, I'm pleased that the folders are pretty much in order - Scheme of Work and student record at the front, and a poly pocket for each lesson, complete with lesson plan, handouts and if it's something a bit tricky, my own tutor notes to refer to. This means all I've got to do is skim over the lesson plan, check I still feel comfortable with delivering what's on it, and perhaps spend 20 minutes or so refreshing my memory on the tools and tips I want to include.
What's really been useful though is the evaluation I added at the end of some of these lesson plans. For example, in Web Design Level 3 I've got a partner activity for the first lesson, where the learners will pair up, find out some information about each other, and then create a simple website on that person as a refresher in Dreamweaver. As part of the process, the learners must show each other something from their mobile phone - a ring tone, photo, or text for example, that tells their partner something about themselves. I read through the activity sheet and thought 'hmmm, I wonder if that will work...'. Then I noticed that on my evaluation for that session I put 'Worked really well in one centre - mobile phone task was great fun; was concerned about using it in the other centre but actually very successful'.
It reminds me how useful evaluation can be - it's not just a tick box exercise for the inspectors - it really does help us as tutors when we come to delivering the session again. I must now make an effort to continue recording this information for my future classes.
Subscribe to:
Comments (Atom)
