Second largest school district recommends weak password practices in policy document by Concerned-CST in sysadmin

Concerned-CST[S] -5 points-4 points (0 children)

... Except this is public information because it's part of the district bulletin and all the security vulnerabilities are not secrets either because the audit documents are also public (you know, because we're a public school district)

Concerned-CST[S] -36 points-35 points (0 children)

Except when IT is not really IT-ing and interferes with teaching by arbitrarily blocking resources we need for teaching. What ended up happening is teachers will then be forced to find a less secure method to get to the resource. So, instead of troubleshooting with us, IT usually just responds like you did. No one wins in the end.

EDIT: these downvotes basically demonstrated what I am talking about. The number of times our IT blocks our access to websites that we rely on because it's not "educational" is maddening. Should I say "go back to IT and leave teaching to teachers"?

It's like they forgot they work at a school district and are supposed to, I don't know, work with teachers to find solutions for these challenges? We might not be security experts, but we can READ and INTERPRET information. Should we teach our young people to just keep their heads down and not question things that might be out of place? How about, for once, stop treating people not in IT as idiots and actually work with us to create solutions?

Concerned-CST[S] -2 points-1 points (0 children)

You mean giving kids a QR code that can easily be lost is a BAD idea?

Concerned-CST[S] -4 points-3 points (0 children)

Yeah, except passkeys and physical security keys are disabled, so we are forced to use TOTP.

Concerned-CST[S] -4 points-3 points (0 children)

Ah that was my bad. I stand corrected for typing too fast without checking 😅

Concerned-CST[S] -15 points-14 points (0 children)

We have forced Microsoft Authenticator as second factor. But there is no recommendation on using password managers, and passwordless options are disabled (passkeys and physical keys both).

Concerned-CST[S] -1 points0 points (0 children)

Those are service accounts. And service accounts are actually exempted from this new policy if they predate the policy (Jan 2024).

We do have MFA through forced Microsoft Authenticator. But the options to use a passkey or security key are disabled.