"Breaking into" thousands of school board accounts

One thing we're all taught from a young age is to be safe online. Keep good passwords, don't reveal personal information, etc. And who loves to teach us those lessons? Our schools. So why do they fail so horribly at internet safety?

Our school made recent changes to the system to set all of our usernames as our Student Identification Numbers (SINs). Each SIN is a unique number tied to all of our grades and accounts within the board. We used to have a slightly more secure system which involved your full name and the last three digits of your SIN, but that was scrapped in favor of just your SIN due to "security risks".

The biggest failing of this change is that SINs are assigned sequentially. The bigger the number, the newer the account. Why is this bad? Well, all new accounts are assigned with the password of "12345678". In fact, all accounts up to grade 2 or so are "12345678", so with that one password and any number within a certain range, you can log into any new account. Finding new accounts is as simple as finding the usernames with the biggest numbers*.

Do you know how many accounts are open like this? Thousands. Yes, you heard me right, thousands. Can you imagine how much of an impact that would be if someone locked out all those accounts? If someone created a little botnet? If someone even just gave away the classroom codes and personal data stored on every single one of those accounts**?

I realize that only younger students suffer from these vulnerable logins, and they don't have any permissions, but we should really be setting a good example by giving them at least somewhat secure passwords. What right do you have to tell us about why we need to be safe online when you can't even manage simple login? This system is frankly stupid and the school board should be ashamed.

*This can be done through the organization directory on Google.

**Not that Google doesn't give personal info out anyway... no harm done there, I suppose.
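The failure described above (sequential usernames plus one shared default password) is something an administrator can both audit and detect without ever logging into a student's account. The block below is an added example, not code from the post or from any school board system. It assumes a password store of (username, salt, PBKDF2-SHA256 hash) records and an auth log of "TIMESTAMP IP USERNAME RESULT" lines; both data sets are constructed here for the example.

```python
"""Defensive checks for the 'sequential ID + shared default password' failure.

Added example, not from the original post. Assumptions (labelled):
  - the password store holds (username, salt, PBKDF2-SHA256 hash) records;
  - the auth log has lines of the form 'TIMESTAMP IP USERNAME RESULT';
  - all records and log lines below are constructed sample data.
"""
import hashlib
import hmac
from collections import defaultdict

DEFAULT_PASSWORD = "12345678"   # the board-wide default named in the post
PBKDF2_ITERATIONS = 100_000     # assumption: the directory uses PBKDF2-SHA256


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a PBKDF2-SHA256 hash; the real store would use the same parameters."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def accounts_on_default_password(records):
    """Return usernames whose stored hash still verifies against DEFAULT_PASSWORD.

    This is the audit an administrator runs server-side over the password
    store: it needs no network access and never authenticates as anyone.
    Every flagged account should be forced through a password reset.
    """
    flagged = []
    for username, salt, stored_hash in records:
        candidate = hash_password(DEFAULT_PASSWORD, salt)
        if hmac.compare_digest(candidate, stored_hash):
            flagged.append(username)
    return flagged


def sequential_login_sources(log_lines, min_distinct=5, max_gap=100):
    """Flag source IPs that successfully log into many distinct numeric
    usernames whose IDs are clustered (sequential or nearly so).

    A parent logging into one child's account never trips this; one address
    walking a block of consecutive IDs does. Returns {ip: [usernames]}.
    """
    by_ip = defaultdict(set)
    for line in log_lines:
        _ts, ip, user, result = line.split()
        if result == "OK" and user.isdigit():
            by_ip[ip].add(int(user))
    offenders = {}
    for ip, ids in by_ip.items():
        ordered = sorted(ids)
        if len(ordered) < min_distinct:
            continue
        # Longest run of IDs in which each neighbour is within max_gap of the last
        run = best = 1
        for a, b in zip(ordered, ordered[1:]):
            run = run + 1 if b - a <= max_gap else 1
            best = max(best, run)
        if best >= min_distinct:
            offenders[ip] = [str(i) for i in ordered]
    return offenders


# Constructed sample password store. Salts are derived from the username only
# so the example is deterministic; a real store uses os.urandom() salts.
_USERS = ("700010001", "700010002", "700010003", "700009990")
_SALTS = {u: hashlib.sha256(u.encode()).digest()[:16] for u in _USERS}
SAMPLE_RECORDS = [
    ("700010001", _SALTS["700010001"], hash_password(DEFAULT_PASSWORD, _SALTS["700010001"])),
    ("700010002", _SALTS["700010002"], hash_password(DEFAULT_PASSWORD, _SALTS["700010002"])),
    ("700010003", _SALTS["700010003"], hash_password(DEFAULT_PASSWORD, _SALTS["700010003"])),
    # a parent changed this one, as the post says some do
    ("700009990", _SALTS["700009990"], hash_password("correct horse battery", _SALTS["700009990"])),
]

# Constructed sample auth log: one address walks a block of new IDs,
# another address logs into a single student account and a staff account.
SAMPLE_LOG = [
    "2024-01-01T08:00:01 203.0.113.7 700010001 OK",
    "2024-01-01T08:00:03 203.0.113.7 700010002 OK",
    "2024-01-01T08:00:05 203.0.113.7 700010003 OK",
    "2024-01-01T08:00:07 203.0.113.7 700010004 FAIL",
    "2024-01-01T08:00:09 203.0.113.7 700010005 OK",
    "2024-01-01T08:00:11 203.0.113.7 700010006 OK",
    "2024-01-01T08:00:13 203.0.113.7 700010007 OK",
    "2024-01-01T08:01:00 198.51.100.4 700009990 OK",
    "2024-01-01T08:02:00 198.51.100.4 teacher.smith OK",
]

if __name__ == "__main__":
    print("still on default password:", accounts_on_default_password(SAMPLE_RECORDS))
    print("sequential-login sources:", sequential_login_sources(SAMPLE_LOG))
```

The audit and the detector are deliberately separate: the audit fixes the root cause (accounts that were never moved off the shared default), while the detector catches an address that is already walking through the ID space, which is the pattern the post describes and the one a board should alert on.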


Logging into a random account:
I didn't go past the account setup screen, but I do realize that this is still wrong. I'm sorry for that. Hopefully I can contact my school board with this information and make up for my poor actions.

[Screenshot: image(5).png]

Searching for new accounts to log into:
Most accounts from 701000000 - 701010100 are open. 10000 potentially open accounts... Jesus. I haven't even gone down all the way, and who knows how many early accounts were created but never accessed (students leaving the board, name changes, mistake accounts, etc.).
I find accounts with lower numbers more often use different passwords as parents sometimes are smart and take matters into their own hands, changing to more secure passwords. Kudos to those parents. You're doing great, and your child is gonna thank you when they don't get hacked because of this!

[Screenshot: account list.png]

Comments

This is hilarious. What the fuck were they thinking?
Botnet, locking a bunch of accounts, give away personal data...or just save a bunch of Rule 34 and other explicit material on a 5-year-old's account - so many possibilities.

So incredibly short-sighted. You need to school the school on this topic.
 
I remember doing something kind of similar to this, though entirely different at the same time.
Y'know those people who sell games via account sharing? Like, you pay 5 bucks and they share their account with you and you can play said game.
Well, I bought some games from a seller who did this, and looked at the email itself. Something like (gamename)@(companyname). They put the password (but not the email) for all of the accounts on their website. So, I tried doing something to bypass this. I put a game that was one of the ones they sold in (gamename) and just used the password.
And it worked.
I did this for like 15-20 games, deadass.
I'm not complaining.
 
I've hacked into my school's GMail account once, knowing their password well cuz they left it on a piece of paper for everyone to see. :D
 

Blog entry information
Author: rvtr
Views: 880
Comments: 10