Generic Passwords Expose Student Data

Makarand writes "The personal information of thousands of California children and their teachers was open to public view when the school districts issued a generic password to teachers using the system. Until the teacher used the system and changed the generic password to a unique password, anyone was able to type in a teacher's user name and generic password to gain access. Administrators shut down access to the service after a reporter phoned in to let them know that she had been able to access student information for all the children in two middle-school classes where the teachers had not yet changed their passwords." From the article: "'I'm fuming mad,' said Sarah Gadye, the San Francisco middle school teacher who discovered the problem Thursday -- three years after the district purchased the service for elementary and middle school teachers. 'My own child could go into this, figure it out and get all this data on all these students. It's mind-boggling.'"

Sigh

[GoodOmens]

I missed out on having the ability to hack my middle teachers computer's. All we had were apple IIe's and Oregon Trail (Which still rocks btw) :-(.

Re:1234

[Gr33nNight]

Thats the same combination on my luggage!!

My company is just the opposite

[Quiet_Desperation]

My company requires new users to navigate the Labyrinth Of Despair, swing on burning ropes across the Chasms Of Molten Hate, do battle with a dozen skeleton warriors and all the while collecting obscure Myst-like clues in order to figure out the initial login password.

And if you forget your password, you have to do it again.

Blindfolded.

A new college hire involved in a password change request.

Some have suggested our IT folks have gone a bit too far. They claim not, but it's hard to argue with new account setup metrics of 14 dead, 39 severely wounded and 21 missing (presumed logged in).