+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 17
General Chat Thread, Oh my God I thought I was going to be lynched! in General; It's the end of my second week in a new school. My post is a new post as network manager. ...
  1. #1
    reggiep's Avatar
    Join Date
    Apr 2008
    Location
    In the vast area of space and time
    Posts
    1,550
    Thank Post
    518
    Thanked 56 Times in 50 Posts
    Rep Power
    30

    Oh my God I thought I was going to be lynched!

    It's the end of my second week in a new school.
    My post is a new post as network manager.
    I have been going through the system over this time and noticed that most of the teaching staff (well over half) still had their default password as their password.
    So in the staff briefing this morning I mentioned this and told them that I would be doing a forced password change for them all on Monday.
    Well the dagger looks I got and the sudden intake of breath from the staff was amazing.
    It's as if I said I was personally going to go and impregnating every one of their daughters!
    At the end of the briefing a scary PE teacher came over and was asking me how she was going to do her job if her password was changing all the time, which is not what I had told them.

    Anyway I'm looking forward to Monday now!
    And I though the staff so far had like d me.

  2. Thanks to reggiep from:

    speckytecky (18th April 2008)

  3. #2
    contink's Avatar
    Join Date
    Jul 2006
    Location
    South Yorkshire
    Posts
    3,791
    Thank Post
    303
    Thanked 327 Times in 233 Posts
    Rep Power
    118
    I'd seriously think about doing a thorough backup of everything in those staff accounts... then moving them to a new folder and leave a nice little "Readme.txt" file for them

    Then, in the readme file you write a story about a teacher who lost all their work because a child testing defaults, found the account, copied it all to their memory stick and started sharing it all round school... complete with private information, teachers addresses, reports, etc... Oh and then they deleted loads of it... edited more so that it contained profanity and just to finish off sent a foul mouthed diatribe to the headteacher saying they hated the HT, the job and they were quitting, or worse...

    Then at the end...

    Password security 101 Exam:

    Does anyone still have any problems, questions or issues with their password being changed?

    This was just a drill, next time you may not be so lucky

    Obviously you might want to check with Senior management first though

  4. Thanks to contink from:

    greenfieldsupport (30th April 2008)

  5. #3

    tmcd35's Avatar
    Join Date
    Jul 2005
    Location
    Norfolk
    Posts
    5,727
    Thank Post
    859
    Thanked 905 Times in 750 Posts
    Blog Entries
    9
    Rep Power
    330
    Lol,

    We were asked to implement a forced password change policy every about 6 weeks from up high. This did not go down well with the staff. When asked I usually mumble something about security and kids learning teachers passwords.

    It's been well over a year now and to be honest, they've pretty much got used to. Still go the odd complaint but I just shrug my shoulders - they new It's not going to be changed!

  6. #4
    e_g_r's Avatar
    Join Date
    Sep 2005
    Location
    Rochdale
    Posts
    460
    Thank Post
    51
    Thanked 26 Times in 17 Posts
    Rep Power
    24
    Were about to go down this route as staff have had the same lame passwords since the begining of time.

    You get the usual whing like 'how can i remember a new password' and 'i use the same one here and at home and on the internet (FFS)

    With a VLE/MLE going to come online a am pressing the SMT to allow only secure passwords with alpha/numeric and special characters.

    If there is resistance i plan to hold a talk where i will show how easy it is for a pupil to 'hack' lame passwords. I will target a staff member with said lame password and ask some general questions such as:

    Do you have any children
    Boy or girl
    whats there name

    BINGO i've now got your password

  7. #5
    reggiep's Avatar
    Join Date
    Apr 2008
    Location
    In the vast area of space and time
    Posts
    1,550
    Thank Post
    518
    Thanked 56 Times in 50 Posts
    Rep Power
    30
    I implemented secure passwords at my last school.
    I went through about 2 weeks of abuse and then everyone realised it wasn't so bad.
    The only downside was I had to set the policy for the students as well as I couldn't find how to apply it to just groups.

  8. #6

    Join Date
    Jan 2007
    Location
    Birmingham
    Posts
    807
    Thank Post
    29
    Thanked 36 Times in 24 Posts
    Rep Power
    26
    Quote Originally Posted by e_g_r View Post
    Were about to go down this route as staff have had the same lame passwords since the begining of time.

    You get the usual whing like 'how can i remember a new password' and 'i use the same one here and at home and on the internet (FFS)

    With a VLE/MLE going to come online a am pressing the SMT to allow only secure passwords with alpha/numeric and special characters.

    If there is resistance i plan to hold a talk where i will show how easy it is for a pupil to 'hack' lame passwords. I will target a staff member with said lame password and ask some general questions such as:

    Do you have any children
    Boy or girl
    whats there name

    BINGO i've now got your password

    Yes easiest thing is to get some kids to do a social studies experiment, names of partners, kids, pets, bet half would give mothers maiden name.
    Even forcing staff to change the password isnt that secure. The amount of people who's password is child's name followed by a number that increments with each change is crazy, but it passes all the tests, i.e. James1 >= 6 chars, including one capital and 1 non alpha char.

  9. #7
    iatkinson's Avatar
    Join Date
    Jun 2007
    Location
    Blackburn
    Posts
    135
    Thank Post
    5
    Thanked 6 Times in 5 Posts
    Rep Power
    16
    Quote Originally Posted by reggiep View Post
    I implemented secure passwords at my last school.
    I went through about 2 weeks of abuse and then everyone realised it wasn't so bad.
    The only downside was I had to set the policy for the students as well as I couldn't find how to apply it to just groups.
    We had split domains to implement different password policies though under server 2008 you can implement different policies within one domain.

  10. #8


    Join Date
    Jul 2007
    Location
    Rural heck
    Posts
    2,662
    Thank Post
    120
    Thanked 434 Times in 353 Posts
    Rep Power
    126
    I did once encounder a student stupid enough to sit at a computer with a teacher's logon name entered and then ask what said teacher's wife's names was.

    At the same school but a few years later there was know minimum password age, so although teachers couldn't use there last 6 passwords some would just change them 6 times so they could have the old one.

  11. #9

    Join Date
    Aug 2005
    Location
    London
    Posts
    3,157
    Thank Post
    116
    Thanked 529 Times in 452 Posts
    Blog Entries
    2
    Rep Power
    124
    Quote Originally Posted by K.C.Leblanc View Post
    At the same school but a few years later there was know minimum password age, so although teachers couldn't use there last 6 passwords some would just change them 6 times so they could have the old one.
    That's not necessarily a bad thing, provided that the password they keep is a good one (so not spouse's name etc!)

    We're about to enforce strong passwords for staff; what we're actually recommending is that they use phrases rather than words (difficult to remember KJ*196jgv; much easier to remember a phrase with letters, numbers and punctuation) but I know it will floor some people.

    If you are going to force password changes, it's better to do it in small groups - if everyone comes in on Monday, changes their password and forgets it within the hour then you will have a nightmare trying to deal with it all and you will get blamed (because you did force simultaneous changes instead of 10 on Monday, 10 on Tuesday etc!)

  12. #10
    TechSupp's Avatar
    Join Date
    Mar 2007
    Location
    South Yorkshire
    Posts
    1,908
    Thank Post
    304
    Thanked 122 Times in 103 Posts
    Rep Power
    42
    We had a similar thing, staff new to networks, set them up with default passwords which they wanted... now when I started doing audits of printing, it was a case of I didn't print all that, someone must be logging on as me with my password! Now they all wanted to change their passwords!!! Still hasn't changed the main culprits for printing thought, just makes it more definate on who prints what with my auditing :-)
    Another thing is they log on a PC, do a quick job then walk away leaving it logged on and apparently its the systems fault that someone else jumps on a logged in PC to run off a quich print job! Not quite figured out their logic behind that one yet?

  13. #11

    Join Date
    Feb 2006
    Location
    Dorset/Hants
    Posts
    87
    Thank Post
    2
    Thanked 13 Times in 10 Posts
    Rep Power
    20
    Quote Originally Posted by reggiep View Post
    I implemented secure passwords at my last school.
    I went through about 2 weeks of abuse and then everyone realised it wasn't so bad.
    The only downside was I had to set the policy for the students as well as I couldn't find how to apply it to just groups.
    We have student passwords set never to expire, staff were controlled by the timeout mechanism in the domain. This proved awkward, so now we have a script run on schedule at 03:00 on the first day of each term (or was it half term ?) that expires the staff passwords.

  14. #12
    reggiep's Avatar
    Join Date
    Apr 2008
    Location
    In the vast area of space and time
    Posts
    1,550
    Thank Post
    518
    Thanked 56 Times in 50 Posts
    Rep Power
    30
    Quote Originally Posted by TimH View Post
    We have student passwords set never to expire, staff were controlled by the timeout mechanism in the domain. This proved awkward, so now we have a script run on schedule at 03:00 on the first day of each term (or was it half term ?) that expires the staff passwords.
    That sounds interesting. You wouldn't want to share that script would you?

  15. #13

    elsiegee40's Avatar
    Join Date
    Jan 2007
    Location
    Kent
    Posts
    9,780
    Thank Post
    1,813
    Thanked 2,229 Times in 1,645 Posts
    Rep Power
    801
    I force staff password changes at the start of the second week of each term (the first week is chaotic enough as it is)

    The staff moan, but they're used to it now.

  16. #14
    acrobson's Avatar
    Join Date
    May 2007
    Location
    Tyne & Wear
    Posts
    519
    Thank Post
    5
    Thanked 6 Times in 6 Posts
    Rep Power
    17
    We force a change password for all staff every 30 days, each password must be at least 10 characters long, locks out after 4 worng attempts, cannot be any of the last 24 they have ever userd and must be aphanumberic.

    A bit over the top, but, the restore requests have gone down from approx 50 a week to 1-2, if that.

  17. #15
    sdc
    sdc is offline
    sdc's Avatar
    Join Date
    Apr 2008
    Location
    Dorset, UK
    Posts
    312
    Thank Post
    53
    Thanked 42 Times in 37 Posts
    Rep Power
    42
    Quote Originally Posted by TimH View Post
    We have student passwords set never to expire, staff were controlled by the timeout mechanism in the domain. This proved awkward, so now we have a script run on schedule at 03:00 on the first day of each term (or was it half term ?) that expires the staff passwords.
    I would also be most grateful if you were willing to share the script!

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. have you ever given this some thought?
    By alexknight in forum Other Stuff
    Replies: 16
    Last Post: 1st November 2008, 10:51 PM
  2. [Joke] Thought for the day
    By mattx in forum Jokes/Interweb Things
    Replies: 5
    Last Post: 5th March 2008, 03:48 PM
  3. Just thought you'd like to know.
    By laserblazer in forum General Chat
    Replies: 19
    Last Post: 12th February 2008, 06:14 PM
  4. Saw this, thought of you
    By CyberNerd in forum Windows Vista
    Replies: 1
    Last Post: 17th December 2006, 02:07 PM
  5. Just a thought but not sure if its possible ..... ??
    By mac_shinobi in forum How do you do....it?
    Replies: 7
    Last Post: 30th January 2006, 09:05 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •