@dmac
What about setting up two factor authentication for that email to point to your cellphone and if a student needs access they must first request the two factor code from you? The code changes often.
You will also want to setup in organization settings that two-factor authentication be set for the organization. This will make sure that the user cant turn it off and try getting in from somewhere else.
For extra layer of security you can then add Login IP ranges so that the site you and the students work from is the only Public IP allowed to login to the dashboard. This is under Organization settings as well right under two-factor authentication.
Cloud Network Engineer | cloudIT
Certified Meraki Networking Associate
Kudo this if it helped! 🙂