Embedded Files
This page has some examples of poor security practices. The examples here are for educational purposes to show why something is a poor practice and what could be done differently.
Sharing Passwords with substitutes and students
Sharing Passwords with substitutes and students
It has been observed at MJUSD that some teachers share their login credentials with substitute teachers to help the substitutes gain access educational resources and stick with the lesson plan. These passwords are shared via written notes, emails, and sometimes with students, who will assist substitutes in gaining that access. Oftentimes, this access also allows the substitutes and students to gain access to some of the teacher's personal accounts (ie. Amazon, Netflix, banks, etc.).
Poor Practice
Poor Practice
Sharing the passwords on a sticky note weakened the password by allowing it to be used by anyone who finds that sticky note.
Access to the computer can allow someone to install ransomware on that computer.
Access to the computer grants access to the teacher's email, which can be used in a phishing attempt by a malicious person.
Access to personal accounts provides sensitive information, like mailing addresses and credit card numbers, which can be used to assist with identity theft.
Sharing passwords with students allows the students to access confidential information in emails and Aeries.
Better Practice
Better Practice
Passwords should not be shared.
The substitute should log in as themself or with a generic account to gain access to the computer.
Some educational resources can have access shared through Google accounts, which removes the need to share passwords.
Aftermath
Aftermath
MJUSD Technology has to reset the password to the teacher's work Windows account and recommend the teacher reset the password to their personal account.
"I have nothing to hide..."
"I have nothing to hide..."
Many faculty members will share their password aloud with computer specialists who are working on the computers. The faculty members are under the impression that sharing the password is okay, because "they have nothing to hide".
Poor Practice
Poor Practice
Passwords should not be shared.
District employees do have things to hide, because they have access to confidential student data.
Gradebooks
Attendance reports
Important work related emails
Some district employees will log into personal banking accounts on their work computer, and a shared password will grant access to that account.
Better Practice
Better Practice
Do not share the password.
Log into the computer or account for an MJUSD computer specialist working on the computer.
working on personal computers
working on personal computers
During distance learning, many faculty members have found working on their personal computers to be more convenient.
Poor Practice
Poor Practice
Personal computers are not managed by district security policies
Better Practice
Better Practice
Use a district provided computer for work related tasks
Page updated
Report abuse