Insecure logins

I worked a ticket years ago where a student claimed not to have taken an exam. The faculty member asked the school who asked us as the hosting provider for the online class system to check on it. What I was able to see in the logs were sessions with two different IP addresses. One was in another state while the other was on the campus wifi network. The on campus one took the test. But, the student was traveling at the time. (We never got told the ultimate outcome of such requests, so I don’t know how that was resolved.)

crop hacker typing on laptop with data on screen
Photo by Sora Shimazaki on

The student admitted to having left the password the default provided by the school which was MMDDYY. The system had a school level option to change the password on first login. But, some students found that password so convenient they changed it back. And apparently the student also had the birthday listed in public view (non-friends). So really anyone could have looked up the Facebook profile and guessed both username and password to login as another student if they left the password the default.


The Georgia My Voter Page strikes me as similarly problematic. It asks for first initial, last name, county, and birthday. That is relatively common knowledge. Anyone who has sent me a birthday card has that at their disposal.

Certainly the whole reason for not allowing the use of cameras in the voting area is to prevent someone from knowing about my voting. They have everything other than who I voted for at their disposal in this website.

Also, the real reason for this post, is I saw about a month ago twin college students who applied to the same university with the same letters starting the first name. So, their logins would be identical. Same first initial, last name, county, and birthday. I am curious how they login to check their vote.

Leave a Reply

%d bloggers like this: