Sifting through various educational forum posts and blogs recently I came across an entry that discussed the conventions by which pupil usernames are created on a network – and what information they contain.
When I joined my comprehensive school in 1998 I was given the username 98MARSHALLJ. The school had always used the [year of entry]+[surname]+[first initial] convention; indeed I continued the practise when I took responsibility for creating new intake users in the schools I have worked in. Unfortunately in recent years the dangers of sharing aspects of your digital identity with strangers have become all too prevalent and IT managers and policy makers in schools are beginning to look at just how revealing something as innocuous as a username can be.
Take, for example, a simple email:
<hr /> <p><strong>To:</strong> firstname.lastname@example.org<a href="http://www.jamesbmarshall.com/wp-uploads/2010/02/email1.jpg"><img style="background-image: none; border-bottom: 0px; border-left: 0px; padding-left: 0px; padding-right: 0px; display: inline; float: right; border-top: 0px; border-right: 0px; padding-top: 0px" class="alignright size-medium wp-image-758" title="E</a> <br /><strong>From:</strong> email@example.com</a></p> <p>Hello Joe,</p> <p>I really like under water basket weaving too!</p> <p>James</p> <hr /> <p>From this perfectly innocent email we can determine:</p> <ul> <li>Roughly how old I am from the first the digits – typically denoting year of entry. </li> <li>My full name. </li> <li>The school I’m attending. </li> </ul> <p>For the ‘Facebook Generation’ this is more than enough information to begin searching the Internet with. Anyone could do a simple search of a social network such as Facebook or MySpace with the few details above and narrow the choice down to a few people in a couple of minutes.</p> <p>From here people with malicious intent could begin making moves on a pupil.</p> <p>There is a strong case to be made, if only for this reason, that user names on an school network should be obfuscated to reduce the amount of information volunteered unintentionally. Instead of the 'traditional' nomenclature for creating users, IT managers could opt to use a pupil's UPN number, or any other unique but not identifiable string.</p> <p><strong>"Sir, I've forgotten my username!"</strong></p> <p>Naturally, one of the more obvious reasons for adopting an easy-to-remember naming system is that pupils can be like goldfish and often have trouble remembering their own password from week to week, let alone a complicated user name. Ben Nunney, @bennuk on Twitter, from Microsoft's Live@Edu team talked about <a href="http://blogs.msdn.com/ukliveatedu/archive/2009/08/05/what-makes-an-email-address.aspx">what makes an e-mail address</a>, and some of the considerations there are (simplicity, single sign-on, etc), over on the Live@Edu blog.</p> <p>Personally I feel that it should be an enforced learning curve for the pupils - there are many things you have to learn to remember in life from your National Insurance number through to your car registration number and more, so the practise of learning something like this should not be avoided but encouraged. Not only that, but the reasons behind having an obfuscated user name could be taught to pupils as part of any lessons on digital identity.</p> <p><strong>Times are changing...</strong></p> <p>Over the last few years the link between pupils experiences of computers in schools, and their development of a digital identity on-line has become much tighter. Pupils freely communicate with others using the various resources available to them - some pupils first email account may be the one provided to them by their school.</p> <p>At this early stage in their on-line life they may already have the choice over how much they share about themselves made for them by 'the system' over something as simple as a user name.</p> <p>Some could call this scare-mongering or cynicism - others, a precautionary step in protecting pupils.</p> <p>So then.... What's in a [user]name?</p> <p><em>If you're interested in finding out more about digital identity the University of Reading is behind the </em><a title="This Is Me" href="http://thisisme.reading.ac.uk/" target="_self" rel="noopener"><em>This Is Me</em></a><em> project aimed at helping people learn about their digital identities by producing and testing learning materials for use by individuals and groups.</em>