In an effort to strengthen the security protocols of district-administered Google accounts, senior Owen Gong has been working closely with Web Administrator and Technology Coordinator Randy Thomas to decrease the chances of students’ accounts being breached.
After taking several technology courses taught by Stanford and Harvard universities, Gong took matters into his own hands when his friend’s Google account got hacked.
The Brahmas went through a series of referrals by staff members before addressing the issue with Thomas, who he has been working with to tackle the issue ever since.
“When managing a network and the security of passwords, you have to weigh security and usability,” Thomas said. “We can make a very secure system that no one can get into, or we can make a system that is easily [broken] into that is not secure.”
Recently, the two have been trying to lengthen the lockout duration, which occurs after a student inputs an incorrect password.
“If we get it locked at three times, and then you deny the student access to their account for half an hour, that causes problems,” Thomas said. “Once again, you have to weigh security versus accessibility. You cannot push security too far, especially in a school environment, or else we are going to get students locked out of their accounts all of the time.”
Even with the possibility of increasing the waiting period, Thomas and Gong face a much larger obstacle: the strength of student passwords. Since these Google accounts are provided by schools, most students utilize the generic passwords given to them by their respective elementary or middle school. These weaker codes, though easy to remember, increase the chance of students having their accounts hacked.
“I think that our biggest issue right now is the fact that some students still have old passwords that they were given, and they never changed them,” Thomas said. “I would like to see students actively change their passwords if they believe their password is generic or has been compromised.”
Sophomore Helen Januar also noticed these trends among most of her friends who have kept their passwords unchanged for years.
“I remember in elementary, we all had the same password,” she said. “Then when we went to middle school, I feel like half the kids did not change it, and that is a big safety issue. Even now, I feel like some people probably have not changed it.”
Similarly, senior Alan Zhang shared concerns brought on by some students’ unwillingness to change their passwords despite being aware of the repercussions that might arise should they choose to keep these weaker passwords.
“Some people’s passwords that I know of are just default passwords from their middle school, and that means that people can attempt to go inside and steal their intellectual property and personal information,” Zhang said. “It is important [that I change my password] because I store a lot of important documents, such as my college essays [and] homework, that I do not want anybody else to copy from.”
Offering a solution to this issue, Gong explained that an easy way to ensure an account’s safety would be to utilize two-factor authentication—a feature all students have access to.
“A simple way to [avoid using default passwords] would be to assign a random generated keyword string, alongside a backup personal Gmail account,” he said via Instagram. “This way, if you ever forget your school Gmail account, it will be a simple matter to just request for a newer one via two-factor authentication from your personal email account.”
Through his research and experiments with Thomas, Gong discovered that if a password can be easily predicted, breaking into a Google account may not require much effort.
“Knowing default password keywords such as ‘cougar,’ ‘panther,’ ‘eagle,’ or even ‘dbhstudent1’ can absolutely cause widespread damage even without brute-force methods,” he said. “Someone can manually guess your password by knowing which middle school and which year you are from, which is obviously a huge fallacy in this whole system.”
Considering how time consuming and intricate the process of enhancing account security has been so far, Thomas encourages students to create new, stronger passwords for their accounts.
“Do not share your information with anyone. Do not make your password easily guessable. Make a fairly complex password, at least a long password,” Thomas said.