I just ran across a little article about a school having its computer system compromised because of a password being swiped. It seems that a student in the 4th grade got the password from a teacher’s desk and then used it to fiddle with the district-wide computer ‘blackboard’ system. No long-term harm was done, but I’m sure the IT folks were scrambling for a while before they figured out what had happened.
Luckily, the alleged child culprit wasn’t prosecuted! While the 9-year old surely misbehaved, in my estimation, the offense doesn’t warrant a criminal punishment. Instead, it should be a call to the school to figure out why passwords are accessible to curious 9-year olds. (Aren’t all 9-year olds curious!?!)
What is missing from the article is any mention of the security policy of the school. Is it standard policy for teachers to write their passwords on post-it notes and to leave them on their desks? Why did this teacher have a password with administrator rights? Do all of the teachers have admin rights? Did the teacher follow procedures for keeping the password safe? Were there any procedures to follow?
We aren’t given any details, but would we be going out on a limb to conclude that the fault or breach is the fault of the teacher, if not the school or district for failing to follow an appropriate security policy for passwords?!