A math question

I’m working on a system where students will be able to post their non-digital work directly from a scanning station to their eportfolio blog. I want to make the system simple enough that young kids can potentially use it themselves (and ask our teachers to review the portfolios of our students periodically). To this end, instead of asking our students to enter a user name and password, I’m considering asking them to just enter a 5 or 6 digit passcode made of numbers, letters, or a word (which would be recorded somewhere for easy access for the younger students).

What I hope to avoid are collisions where two codes are so similar that students end up accidentally posting to each other’s blogs (either different by only one digit, or by two digits being transposed). One thought I’ve had is that I can use a barcode or QR code scanner, but as this may be challenging to set up, I may need to use a simple passcode to begin with.

My question is, what is the minimum passcode I can use while minimizing the chance of a passcode collision for our nearly 500 students? I’ve done some work figuring this out for myself already, but I’m curious about some other approaches.



  • Lisa Light wrote:

    We’ve used the 1st 3 letter of students’ first name and the 1st 4 of their last name as usernames without any conflict. It is easy to remember although not very private. To make it more private you could have students add the last 4 digits of their social security number. Being 11 characters long the total possibilities generated will not be the least number needed for 500 students but it will avoid having to “assign” pass codes and is relatively simple to use and remember.

  • David Wees wrote:

    The codes will definitely be unique using your method, but I think they have to be secret, or the potential for abuse is great. Thank you for the idea though. I may use something identifiable as part of the kids’ passcode.

  • David my wife Nina (ninacsmith.com) passed your question on to me:
    Easy question to answer however stay tuned to the end for a built in problem.

    If we allow numbers and letters to be mixed together then having a 5 char Pin Number (his passcode) we end up with (36)^5 or just over 60 million combinations; more than enough space to handle 500 students.

    The problem occurs when we consider that words are easier to remember than numbers generally, although some number sequences are quite easy to remember, e.g., 12345. Now the number of English words of 5 chars in length is quite limited. I would guess around 3000 but certainly less than 10,000. Common English words are probably less than 1500. When we now think of “popular” words we get even less.

    In Computer Science we deal with security and the concept of authentication. Having only the single pin to unlock the system makes it quite easy for mistakes and their is easy opportunity for mischief. In any case, he will need some process for a student to be able to retrieve a pin and to be able to change it.

    Feel free to give him my email address if he would like more information. I would also like to know the age of the students.

    One simple idea would be to use their first name as a User ID and the last 4 digits of their phone number for the PIN. This still allows for mischief.

    Again you should begin with something simple and modify it as you see the pluses and minues of the system.

    Kwajalein Atoll in the South Pacific

  • David Wees wrote:

    Thank you for taking the time to respond, Gary. Your issue with the single passcode authentification is a good point. I have some ideas about this.

    1. The script will be set up to only work from a computer that has a specific, non-administrator account, logged in. This should mean that students can’t try and hack the system at home to post to each other’s blogs, and that it shouldn’t be subject to abuse by 3rd party hackers.
    2. Students and teachers have a very specific way that their user names and profiles are constructed, so using a single code is essentially what we are doing now, so there is no extra security with using a separate code for each.
    3. I definitely want to avoid accidental posting, so hence the reason for my question – what can I do to limit it? I’d ideally like to set up a system so that a small error in the passcode doesn’t lead to an accidental posting. I could also ask students to choose their name from a drop-down system of some sort, which would reduce the chances of that occurring even more.

Leave a Reply

Your email is never shared.Required fields are marked *