ICCSD staff are required to choose a district account password of at least 16 characters in length. Please read on for answers to frequently asked questions regarding our password policy. 

 

How do I change my password? 

Any district staff member may log in at https://password.iowacityschools.org and click "Change Password". 

 

When you change your password, the change will be immediately synchronized with your ICCSD Google account as well, meaning that you will likely need to log in again to web browsers or apps that are connected to your ICCSD Google account. 

 

If you run into problems or have additional questions, please reach out to the ICCSD Technology Help Desk.

 

How will I remember such a long password? Choose a passphrase!

While a 16-character password may seem difficult to remember, the ICCSD Technology & Innovation Department encourages the use of passphrases that are easy to remember but hard for a machine to guess. Passphrases are generally short sentences that use easy-to-remember, common language instead of complicated combinations of numbers and symbols that have been a hallmark of password advice in the past. Learn more about the use of passphrases here, and check out some sample passphrases - along with how long it would take for a computer to guess them - below: 

 

Sample passphrase: ireallylikecandy

Length: 16 characters

Time to crack: 34,000 years

 

Sample passphrase: mydogbarksattrucks

Length: 17 characters

Time to crack: 23,000,000 years

 

To test the security of a potential password or passphrase, we encourage the use of the “How Secure Is My Password?” tool at security.org. On this site, you can enter any potential password to see how quickly a computer could crack it. 

 

Why is the district requiring this now? 

School cybersecurity has been in the news lately, with high-profile cybersecurity incidents impacting Cedar Rapids, Linn-Mar, and Davenport in our area alone. Prior to any of those attacks, ICCSD began a long-term engagement with a cybersecurity firm that has included, to this point, a penetration test and a risk assessment. Both of those activities concluded that password security was a major vulnerability for the district, and should be addressed as soon as possible. 

 

Will we be required to change passwords on a regular basis? 

No. Per NIST password guidelines, passwords that are sufficiently complex and haven’t been exposed publicly do not need to be changed on a regular basis. If we receive information that indicates that a user’s password has been or may have been compromised, we will reach out to individual, impacted users to initiate a password change. 

 

We started using multi-factor authentication on our Google accounts last year; isn’t that enough? 

While multi-factor authentication is tremendously important, it is not sufficient to protect your accounts and your data by itself. 

 

Will students need to choose a very long password? 

No. While password security is a topic that is discussed with students in an age-appropriate manner as part of their library curriculum, it is unrealistic to expect that all students use a 16-character password, and the risks associated with a compromised student account are less than that associated with a compromised staff account. That said, all students are able to choose long passwords for their account and will be encouraged to do so to an age-appropriate extent.