The Battle Continues: Security vs. Ease Of Use

Login Prompt

Sometimes in education, we are moving so fast, we fail to see that the playing field has changed beneath us. I believe now is one of those times where things are rapidly changing under our feet, but at times we fail to notice. Online security is rapidly changing, and I’m not sure education in general is ready for that change.

Today I read a great blog entry on Email Policies, which suggests that you have an email policy whether you know it or not! The basic theory of the article is that each company (ie school district) has gone with ease of use OR security… but not both. A nice short read that brings home subtle, sometimes hidden choices we make when providing web services to staff.

In a related vein, banks are making significant changes to login security as a result of 2005 paper entitled “Authentication in an Internet Banking Environment” put out by the government. The bottom line of this article is reached rather quickly with the statement:

“The agencies consider single-factor authentication, as the only control mechanism, to be inadequate for high-risk transactions involving access to customer information or the movement of funds to other parties. Financial institutions offering Internet-based products and services to their customers should use effective methods to authenticate the identity of customers using those products and services.”

Now simply replace the statement “access to customer information” with “access to district employee or student information”. Basically, these same changes being made by financial institutions in the near term will be coming to a school district near you in a few years! Single factor authentication (userid and password only) is on it’s way out and is being replaced by more robust security measures.