Getting out of Password Hell

A while ago I realised that my online life was in password hell. I was using literally hundreds of sites and services that required passwords, but they were held together with a confusing mess of old passwords that I’d mostly forgotten, numerous passwords which were being used on more than one site,  passwords that didn’t meet the usual complexity rules usually required across the Internet, and so on. I often found myself having to do a password reset just to access a site, and of course that new password became yet another one I had to remember. Or forget.

I felt things were a little bit out of hand so I finally took a few steps to clean up my digital life.

First, using the same password for everything is an exceptionally stupid idea. Instead, I came up with my own system that helped me create hard-to-guess, but easy-to-remember passwords that I could apply to any site.  Having a clear system for this meant that when I signed up for some new online service I could quickly come up with a password that was memorable while also being unique to that site. It really helps to have a system. I made sure that my system always met the minimum complexity rules usually found online… that is, they contained uppercase, lowercase, numbers and symbols and were at least 8 characters long. If you do nothing else, come up with a system for your passwords! It’s so frustrating when you attempt to log in to a site that you’ve been to previously and can’t remember your password. So come up with a system for yourself, and please don’t just use the same password everywhere!

Secondly, I turned on multistep or 2-Factor authentication  for passwords on every site that offered this option (and there are a lot of them now). This is probably the single biggest thing you can do to improve the security of your online life. If you go online and don’t use 2 factor authentication, you’re not really serious about your online security. It’s that simple. I find it both amusing and frustrating when I hear people questioning the security of online services, and then find out they don’t use 2-Factor passwords. If you don’t use 2-Factor on every site that enables it,  please, don’t ever complain about the dangers of online security.  It just makes you sound silly. It’s not hard to set up, and if you use something like Google Authenticator to manage your second factors, it’s very simple to use.  The minor inconvenience of having to enter the second factor is far outweighed by the added security. Trust me on this. Turn it on. Now.

Finally, I set up a password manager. I chose LastPass,  but there are others. It took a while to get my head around how LastPass works but once I did, it made life so much easier. If you want to try LastPass for yourself you can get it on this link.
https://lastpass.com/f?7253846

If you are in password hell like I was,  take some of these positive steps to sort it out.

Make up your Mind

Have you had this conversation with another teacher yet?

Me:  Hey, have you ever thought about starting a class blog?  You can use it publish what happens in your classroom, put up all the cool things your class does, and share it all with the world. What do you think?

Them: Are you crazy? Why would anyone be even remotely interested in reading about what we do? And anyway, no one will ever see it… they probably wouldn’t even be able to find it!

And then, eventually, they do start a class blog. And pretty soon the conversation changes to this…

Me: Hey, you should post up those photos of what your class did last week on your class blog. And what about that video you made with the kids? How about we post that on YouTube?

Them: Are you crazy? You want me to put that stuff with the kids online where everyone can get to it? It’s way too dangerous! I don’t want the whole world seeing it!

So which is it? When we post stuff online are we putting it somewhere where no one will ever find it, or are we putting it somewhere that the whole world can see it?

And which is worse?

The Connective Writing Project

I’ve been keen to get more of our staff blogging, since I know from first hand experience what a powerfully reflective process it can be. I’ve always found that taking the time to write causes me to think more deeply about what I do, it makes me more aware of the ideas and approaches that I’m using with those I teach, and it’s also made me a much better writer than I once was. I’d argue that blogging really helps improve your communication skills on many levels while building a stronger foundation for understanding your own beliefs and convictions. There is something both magical and affirming about putting your thoughts down in words, and even moreso when you decide to publicly share those words with others. As you can probably tell, I’m a bit of a fan of blogging (or connective writing, to borrow a phrase from Will Richardson)

During 2011, our school had the opportunity to apply for an AGQTP grant. This grant program is funded by the Australian government’s DEEWR as part of the NSW Quality Teaching Program and, in the case of our school, administered by the AIS. Its goal is to help teachers develop their own professional learning through the creation of action research projects. Our principal asked me to put a proposal together, which turned out to be about creating a blogging project for our Year 6 teachers and students.  It was quite successful, and as well as a complete written report, we also produced this 7 minute video to summarise what we learned.

I remember tweeting about the fact that we were applying for a grant to get our teachers blogging, and getting a reply back from my kiwi mate Allanah King asking why on earth you’d need a grant for that. Allanah, who is not just a fabulous blogger herself but a real pioneer in the ways she has used blogs and other social technologies with her students, found it difficult to understand why blogging had to be a complicated and beaurocratic process. She quite rightly pointed out that you don’t need a government grant to blog, you just need to open one of the many free blogging tools available and start writing!  And she is correct. But what the AGQTP grant process bought us was the time to do that. By providing the funding to get our Year 6 teachers released from class, we could set aside the time to learn this new skill in a far more focused and somewhat systematic and committed way. While it would be nice to think that teachers would just go and learn new skills in their own time for their own motivations, sometimes that just isn’t realistic, so getting some financial assistance to help build teacher capacity was seen as a very welcome thing.

As a follow up, I was also interviewed about this by Selena Woodward from CEGSA in Adelaide after she saw the video. Selena was intrigued by the deliberately open and public nature of our blogging project, a feature that I was insistent was critically important to the project. Blogging behind closed doors, without the potential for writing to an authentic audience, seems completely pointless to me. The South Australian DECS attitude to blogging is somewhat less open-minded. Some people refer to this reluctance as “the Upton effect” because of the shitstorm that DECS created a few years ago when they very publicly  showed their cyber-ignorance by closing down teacher Al Upton’s very popular class blog, the MiniLegends. The regrettable fallout from what happened to Al seems to have caused many South Australian teachers to be overly gun-shy of any online use that might be vaguely interpreted as “social”.  It’s such a shame.

Back in 2008, I had the pleasure of giving the keynote address at the CEGSA conference, where my topic focused on how important it is to be a connected educator, to form PLNs, to get both ourselves and our students connected and functioning safely in this highly networked world we live in. I blogged my thoughts about that keynote at the time, and looking back at that post now, and hearing that so many educators  are still just as wary and frightened of the online world as they were in 2008, makes me sad and disappointed for the kids in their care. It is disappointing that in the last 3 years, during which I believe we are finally starting to see far more educators beginning to understand the really significant shifts in the way technology is affecting the process of education, that there are still such outdated attitudes to learning online.

Overall though, I’m happy with the progress we made with our own blogging this year. It was progress. It wasn’t perfect, and there is lots that I’d change next year, but it’s a good start.

Not Opinions. Facts.

We all see the world through our own personal lens. Consequently, we all form our own opinions about the world and depending on the sorts of experiences you’ve had in the past, your view of the world and how it works can easily be coloured by those experiences.  Sometimes, we form opinions about things based on experiences that are limited or incomplete or biased one way or the other, and the interesting thing is that we still believe those opinions are correct, even when they can be completely wrong.

There’s a lot to be said for real expertise. One of my favourite examples of pitting a narrow opinion against broad expertise is from the movie Cool Runnings.  In one scene, the team coach Irving Blitzer (played by John Candy) is having an exchange with Sanka Coffie (played by Doug E Doug), where they are arguing about who should be the driver of the bobsled. Sanka is a Jamaican pushcart champion and sees himself as the obvious choice. But Jamaica is a small island and Irv has a slightly bigger perspective about it…

Sanka: I’m the driver.

Irv: You’re not. You’re the brakeman.

Sanka: You don’t understand, I am Sanka Coffie, I am the best pushcart driver in all of Jamaica! I must drive! Do you dig where I’m coming from?

Irv: Yeah, I dig where you’re coming from.

Sanka: Good.

Irv: Now dig where I’m coming from. I’m coming from two gold medals. I’m coming from nine world records in both the two- and four-man events. I’m coming from ten years of intense competition with the best athletes in the world.

Sanka: That’s a hell of a place to be coming from!

It happens in education too. There are a lot of people who have all sorts of opinions about what it takes to keep kids safe online. There are still many schools around the world who block, filter and prohibit access to parts of the web on the basis that it’s not safe for children to have access. Other schools take a very liberal approach to the web. Both these viewpoints are based on their own unique understandings and perceptions. If we could just step back a bit, and be a bit more objective, we’d realise that many of our beliefs about the world are rooted in fairly limited experiences, and yet we allow those beliefs to dictate many of the things we do. We think we are the best pushcart driver in all of Jamaica.

When I was in New Zealand last year for ULearn, I was seated at dinner next to a guy called Brett Lee. Brett had given a spotlight talk at the conference about cybersafety and online bullying. While I’ve heard many people talk about this topic in the past (and have even talked to students myself about it), what made Brett’s viewpoint different was the place he was coming from. Unlike most of the “experts” I’d heard talk about this topic, Brett had been a police officer in the Queensland Police Force for 22 years, 16 of those as a Detective predominantly in the field of Child Exploitation. In his last five years of service, he was a specialist in the field of undercover internet child exploitation investigations, and spend his days masquerading as underage children online.  One day he’d play the part of a 12 year old girl, the next a 15 year old boy, the next a 10 year old girl, and so on. For five years he’d go into chatrooms and hang out in all the places that young kids go online, and some of the stories he was telling were pretty chilling. Over the course of those five years, he was personally involved in the arrest of numerous child abusers and pedophiles.

To quote Sanka Coffie, “that’s a hell of a place to be coming from!

Since leaving the Police Force, Brett started his own company called INESS and goes around to schools all over Australia sharing his perspective with students.  He recently presented to our Year 9 and 10 students at PLC Sydney and the feedback from both students and staff was incredibly positive.

Now I think I know a fair bit about the Internet, and I have my own opinions on many aspects of it, but when it comes to this side of the Net there is nothing in my own personal experience that comes even remotely close to this sort of expertise. I daresay there’s not much in your personal experience that does either. While there are many Internet safety “experts” out there, few have this unique perspective that Brett is able to bring to the conversation.

What I like about his message is that it’s not about scare tactics and prohibition. Sure, there are some pretty chilling stories, but the underlying message is that the Internet is a wonderful place, with lots of incredible opportunities, but there are risks that can be managed with a bit of common sense and a few simple steps. It’s not a message of fear and scaremongering, but about understanding the risks and assuming some responsibility for your own online safety. When he spoke to our kids he used a number of examples that related directly to our students (it’s amazing just what you can find on Facebook when you look), which made it all the more powerful.

I hear people ask all the time for recommendations on someone to talk to their students about cybersafety and cyberbullying (both terms I don’t much like, by the way). I’d suggest you take a look at Brett’s website and see if maybe his message is what your kids need to hear.  I suspect that most students would get a great deal out of what he has to say.

Here’s a video clip of Brett from the Edtalks series that gets recorded each year at ULearn.

Head in the Sand

I was following a discussion on a mailing list today about the various internet blocking and filtering policies that different schools implement. Someone said their school was revising their fitering/blocking policy and wanted to know what others were doing. From the replies I saw, it seems that many schools are still running scared of what their kids might do on the web, and still block access to useful services like YouTube and Flickr, and pretent things like Facebook and Twitter don’t exist. Seems that even after 10 years, Web 2.0 is still a scary bogieman to many schools.

I’m curious to know why, in the schools that do block access to certain sites (and it sounds like it tends to be mainly social media sites), what educational reason is given.  I’m just trying to look at the other way for a moment and instead of assuming that sites should be blocked unless a case it made to unblock them, why we never seem to do it the other way around. Is there really any reliable research to support the idea that we block first and ask questions later?  In schools that block, what are the educational arguments given for why that blocking takes place?

The usual reason is “duty of care”. The idea that we need to be doing everything we can to protect our students from every possible harm. I’m more concerned about the other kind of harm. The kind caused by overprotective shielding from the real world.

I took a Year 6 class the other day and was teaching them some “Googling skills” and ways to find information quickly online.  We had an impromptu game of Google Trivia, where I was asking them quiz-style questions and they were trying to find the answers as quickly as possible.  At one point I simply said “Look up your own name”.  To the great surprise of many of them (about half the class) they DID find themselves online – mentions of their name in sporting results, school newsletter articles, family businesses, local newspapers stories, etc.  ALL of them were surprised and NONE of them had any idea that there was information about them to be found online (ie, they didn’t put the information online themselves).

It led into a really interesting discussion (and an idea that drives the access policy we implement at my school)… it’s not a question of IF you can be found online, it’s just a question of WHAT will it say about you.  There is no question that these students will end up with a digital footprint/tattoo as they grow older, and the “body of evidence” that defines their online existence will continue to grow as they get older.   This will happen whether they consciously do it or not… Does anyone seriously believe it won’t? So there is a fairly strong compulsion (in my opinion anyway) that we need to educate children to create and manage their digital presence/persona/footprint so that it says the right kinds of things about them. Putting our head in the sand and pretending that places like Facebook with it’s 600 million inhabitants, or Twitter with over 200 million users, can simply be ignored because there might be some risk involved is a massive failure of duty of care because we are neglecting to responsibly educate our kids in the very worlds they inhabit.

Blocking access to the social networks, and pretending these things will just go away if we ignore them, is foolhardy at best and dangerous at worst. I’m actually looking forward to the first class action suit against an education system for knowingly restricting students’ access to environments that are a core part of growing up in a digital world.  It’s not the “stranger danger” of the online world we need to be concerned about. It’s the culture of fear and uncertainly that we propagate by not allowing our kids to play responsibly in that world.

Image: ‘As seen on Halsted Mt
http://www.flickr.com/photos/24369373@N00/4817906071

Public Visibility

I have an RSS feed set up that automatically scans the Google news feeds for the phrase “PLC Sydney” or “Presbyterian Ladies College“, so anytime either of those phrases appear in a news publication worldwide I get notified of it.  (Which, if you want to monitor your school’s online public image, is a useful thing to set up by the way!)  While I do get the occasional mention of other Presbyterian Ladies Colleges such as the ones in Melbourne or Perth, and occasionally the abbreviation PLC Sydney turns up some non-related stuff, having the RSS feeds scanning the news for mentions of your school is handy.

Recently, I spotted this article in one of the local papers.  It was a project that I didn’t even even realise was taking place in the school so I was surprised when I spotted it.  (I also like the idea that some of our teachers are now doing interesting projects that use ICT and they don’t need me to make it happen!  Yay! The good kind of redundant!)

What I find amusing is that the newspaper has published the name of the school and the full names of the students, along with a photo… three pieces of information that the cybersafety experts will all tell you should not be made available online.  I suspect that if one of our teachers got their students to do an in-class online project that published their full name, school and photo, they would get a stern talking to.  However, there is still a belief that, because it was published “in the paper” (which also happens to be online) then it’s ok.

We do, in fact, have a “Do Not Publish” list of students, which is derived from a form that all parents fill out at the start of their enrolment at school.  On this form they give advance permission – or not – for their child’s photo and name to be used in school publications.  We keep a record that covers both print and online separately, and before any child’s details can be published we check the Do Not Publish list.  In reality, out of a school of 1300 kids K-12, we have maybe less than 10 whose parents have elected for them to remain unpublishable.

Personally, I think that the benefits of getting some press for the students, either online or in a more traditional format, is enormous. Sporting achievements, success in interschool competitions, musical events, academic successes, etc… these things are all worthy of celebrating and telling the world about. The boost that these kids get to their self esteem, their reputation and their public visibility is a positive thing and these sorts of publications can start to form the basis of their longer term footprint, digital or otherwise.  While we have to respect the wishes of parents who choose not to allow their children to be published (and sometimes those wishes are based on valid reasons and sometimes it’s just paranoia and fear) the kids who do get published “in the paper” really love seeing themselves there.

In a world where being “in the paper” also means being online, this opens a real can of worms. We tell the kids one thing as we drill cybersafety into them – don’t give away details like your name or school – yet we gladly celebrate them being published online in other more traditional forums using all of these very same details.  It’s an interesting double standard.  The local paper is published to the open web with no passwords, no restrictions, yet we baulk at getting kids to publish the same information about themselves to other formats that are equally as open and public.

Thank goodness that all those fears about online safety are so blown out of proportion or this might actually be a real problem.

PS: By the way, if you haven’t seen it, the students’ final work is online at http://plcvasproject.blogspot.com and is worth seeing.  I’m sure they’d love a comment or two if you get a chance.

Photo embedded from the Inner West Courier

Dirty Rotten Scoundrels

If there’s one thing I hate it’s when people assume I’m an idiot and try to rip me off.

So when I got home today I opened the mailbox (yes, the real one!) to find this letter from a company called the Domain Renewal Group.  Their letter – which looked very much like an invoice –  was addressed to me as the owner of the domain betchablog.com and kindly informed me that this domain was due for renewal soon and that I should pay this as soon as possible.  The wording on the letter said that “the domain name registration is due to expire in the next few months“… and that… “Failure to renew your domain name by the expiration date may result in a loss of your online identity.”

All of that is true.  Betchablog.com IS coming up for renewal, and I DO need to renew it. The problem is that Domain Renewal Group are NOT my domain registrar, and they never have been.  I happen to have all of my various domains registered with GoDaddy, and I’ve never even heard of this other mob.

A closer reading of the letter reveals that all of the statements in their letter are technically correct, but written in such as way as to be misleading and underhanded in their deceptiveness.  The letter reads just like a regular renewal notice, but is in fact a transfer and renewal notice.  By signing it and sending it back with payment it would authorise them not just to renew the domain, but to take the domain away from the current registrar and move it their overpriced services.  How overpriced?  Well, I just took a look at GoDaddy’s site and it seems the going rate for a new .com domain is USD$10.69.  Their price for a domain transfer with 12 months renewal is only USD$6.99.  For the same thing, the Domain Renewal Group were about to charge unsuspecting or careless domain owners AUD$45 (about USD$41.50).

The thing is, there are many organisations where the bills are often paid by a different department to the ones that register the domains, that wouldn’t even question such an invoice when it arrived. The wording is sneaky enough, and the format looks enough like an invoice, that many people would just pay it without even questioning it.  I find this notion of trying to trick people into doing things they don’t mean to do is an appalling business practice.

There happened to be a Toronto-based phone number on the form so I rang it using Skype. The guy who answered asked what he could help me with, so I told him that I was very unimpressed with this deceptive and misleading way of doing business.   He sounded both surprised that someone would bother to call just to complain, but judging from his tone this was not the first time he’d had a complaint about it.  His response was a careless, “Like, whatever”, but he incorrectly assumed that there is nothing I can do about it other than complain.

He forgets that we live in an age where everyone is a publisher. He stupidly neglects to consider that the very customer base they are trying to mislead – those domain owners who own blogs and websites – are the exact same people who own their very own “personal printing presses” in the forms of blogs.  If you’re going to pull this scam-like crap on people, how stupid do you have to be to do it to people who can publicly tell the world about it?

My advice?  NEVER do business with the Domain Renewal Group.  Tell your friends never to do business with the Domain Renewal Group. And if I did have any domains registered with them I would be immediately transferring them elsewhere.