Wednesday, September 29, 2010

Provide Student Email Passwords to Parents? #googleapps

A colleague recently sent me this question and I've been remiss in not responding sooner:
I am still thinking about this issue of providing our parents with their student's google apps username password.  I would like to provide it for them, but I am struggling with a way to provide it to them.  How would you provide them for your district'sparents (if you would, or do)?

What are your password policies for students?  How do you link different services that require student passwords and manage them?  Who has access to manage them when a student forgets them.

All this is making re-think our entire process for student passwords, and that would be a pretty massive undertaking at this point.

I wondering if it wouldn't just be easier to say: "Contact us and we can reset your child's password and give it to you".  It would be nice to be more proactive than that though.

As I read this, there are several questions which I'm going to summarize below:
  1. How would you provide parents with their students email passwords?
  2. What are your password policies for students?
  3. How do you link different services that require student passwords and manage them?
  4. Who has access to manage them when a student forgets them?
Here are my responses to those questions--including two responses from Google-Certified Teachers--and I welcome feedback from readers who have had to deal with this. I sense that some of the responses to these questions will differ from site to site based on the personnel you have available, their level of expertise in managing various solutions, and how your community approaches privacy.

How would you provide parents with their students email passwords?
If your District has a Parent Portal of some sort, then why not make the default password--the one that when an account is reset, the password is set back to--available from the Parent Portal? Provide parents with the ability to reset their child's password.

If you don't have a Parent Portal type solution, then send a piece of paper home with the student username, password, a variant of the studentID# (sometimes, using the entire ID# is not to be encouraged since it's confidential) and email. Share with parents that they can reset the password by completing an online form where they must provide all the information.

These schools--and I'm not saying their policies are exemplary, don't get me wrong--have some ideas about Student Password reset:

What are your password policies for students?
I'm not exactly sure what is meant by password policies, but the usual stuff that applies to adults applies to students here...really, don't share your password with others. It's a teachable moment, isn't it?

How do you link different services that require student passwords and manage them?
What comes to mind here is Active Directory/LDAP authentication, which is what we use in a large urban school district. You can read about that here. What's neat about LDAP authentication is that you can set Moodle to authenticate users against that, as well as others. How such a system would work with GoogleApps for Education, I'm not sure of. Anyone know?

Who has access to manage them when a student forgets them?
In one large urban district, the classroom teacher has the ability to reset student passwords. In other districts, it might involve a HelpDesk or a system administrator. I would consider a distributed approach--with one or two people at every campus--who could access the student account manager.

Realizing that my responses are probably inadequate, I'm going to share two responses (anonymized) from Google-Certified Teachers below. My thanks to them (you know who you are) for sharing what you do in your District:

Response #1
The accounts we give students use their year of graduation and their first name and last name as their username, ie 13JohnDoe for a student graduating in 2013. This is easy because the school can generate a csv file of students and id numbers and I can upload them all as a group.

I suggested to my principal that he let the parents know how the accounts are set up and that he encourage parents to take a look at their child's "digital notebook."

Response #2
I don't know if this is helpful for you, but I encourage students to
let their parents know their passwords, and they use the same password
(or a variation of it) on every site where they have accounts.

They begin with a network password, which is also their Accelerated
Reader password, and their password for the school's SchoolFusion
website.  We assign them a 5-digit number password to use along with
their usernames.  (Usernames are first initial and last name, with a
number appended if needed in the case of duplicates.)

In third grade, the kids get e-mail and Google Apps.  I use
the same password for both, though Google Apps won't allow the 5-digit
numbers, so we put a lowercase g in front of it.  In fourth grade, I
have them make PBworks accounts, based off their Gaggle e-mail
addresses, and they use the 5-digit number as the password there too.
Near the end of 4th grade, we have them set up Turnitin accounts.
Again, username is their e-mail address, and since Turnitin won't let
us just use 5-digit number passwords, we append a lowercase t to the
beginning of the number.

We recently started using Rosetta Stone with some grade levels, and
their passwords for that are the 5-digit numbers followed by SCM (the
initials of our school name).  In middle school, the kids need a Quia
account to use my Quia quizzes, so they use their usernames with _SCM
appended to the end, and the 5-digit number for the password.

This means that if someone finds out the password for a student, all
heck could break loose.  I use this as incentive to scare kids into
not sharing their passwords.  As soon as someone *might* know their
password, we assign a new one and change it everywhere.  There is
ALWAYS a disciplinary consequence involved for SOMEONE when this
happens, as it's a lot of work for me and a few others on campus.

Delicious Bookmark this on Delicious
Subscribe to Around the

Everything posted on Miguel Guhlin's blogs/wikis are his personal opinion and do not necessarily represent the views of his employer(s) or its clients. Read Full Disclosure


Karl Fisch said...

For Google Apps my district did the following. They generated usernames (first name, last initial, and 3 semi-random digits, and passwords (random 6-digit number). Then, in our student information system (Infinite Campus), they created a technology tab that holds both of those pieces of information, and makes that available to both the student and the parent via the parent portal. They do not have the ability to change the password, but can find it at any time as long as they can login to the portal (which is a separate login/password). Teachers also have access to student usernames and passwords.

Jude said...

We didn't create our student's passwords--they did. We also didn't keep any sort of record of them. All we could do was reset them. Why would you need to have teacher, staff, or parent access to student email accounts? But we couldn't use Google Apps at our school because no one could remember the initial password used to set it up, and Google couldn't reset it.

The Courage to Lead