Password & Confidentiality | Do's & Don'ts | If You Need Password Assistance...

Passwords & Confidentiality of Information

Rapid City Areas Schools (RCAS) has 3 main areas for passwords that all staff are responsible for maintaining: 1) e-mail, 2) Skyward, and 3) network file servers.

Employees of RCAS are expected to protect their passwords and electronic information as they are expected to protect their keys and paper files. Password management and protecting confidentiality are required by board policy. The Employee Use of District Technology Policy IIBGA states "Employees shall make every effort possible to safeguard confidential information and protect against negligent disclosure" and "Employees shall safeguard passwords and shall be held responsible for any intentional or negligent disclosure of passwords.  Access to confidential data shall not be left open without proper supervision."

A helpful tip: guard computer screens and electronic information as if it had your personal credit card number prominently displayed. Also, employees are expected to keep passwords confidential, even with other employees. No one but you should know your password!

Users are expected to maintain and occasionally change their passwords. Security experts recommend changing your password every 30-90 days. Important note: Once a password has been compromised, users most likely will never know about it. The person with the compromised password can use it at-will to access the accounts without the account owner ever realizing it. Changing passwords occasionally prevents "stealthy" unauthorized users from having long-term access to your account. Reusing old passwords opens the door for that person to get back in.

Do's & Don'ts for Choosing a Password

Do: Memorize your password or keep it in a place you know is safe, such as a billfold.
Don't: Write your password down on any paper near your computer, e.g. in desk drawers, under the keyboard, in binders/notepads, and especially a post-it note on the monitor.

Do: Use a memorable phrase and take the first letter of each word to create your password, e.g. "A penny saved is a penny earned" would become the password "apsiape."
Don't: Use words found in the dictionary. Password crack programs use whole dictionaries to crack passwords. Also, don't use dictionary words with some letters changed to numbers, e.g. L changed to one, or O changed to zero. Password crack programs can easily crack these passwords.

Do: Combine two small unrelated words mixed with some numbers, e.g. africa and jet become africa9jet
Don't: Use pet names, family names, nicknames, anniversary or birth dates, phone numbers, or words from favorite books/movies/songs. It takes little effort for a devious person to gather this information and try it.

Do: Use a mix of letters and numbers for your password.
Don't: Use a number only for a password. Password crack programs can easily crack these passwords.

Do: Use a password 6 or more characters long.
Don't: Password crack programs can easily crack passwords less than 6 characters long.

Do: Mix lower case with capital letters, e.g. the above password would be "apSiaPe." Even if a devious person obtains your password, it makes it more difficult them to use it.

Do: Make a significant change when you change your password.
Don't: Use the same password with a higher number at the end, e.g. africajet1, africajet2, africajet3, etc. Also, do not switch back and forth between 2 different passwords, e.g. africajet, then apsiape, then back to africajet, then back to apsiape, etc.

If You Need Password Assistance...

The RCAS technology department does not store passwords. Also, technology support people are instructed not to give out or change passwords without properly verifying the identity of the person making the request. Employees may be asked to have a secretary, or someone whose voice is recognizable, to help verify your identity over the phone. Employees may also come to Agnes Parr in person.

In most cases the technology support person will reset the password to a default setting. It is the employee's responsibility to change the password to a secure password.