Book smart, security stupid: Rogue professors flunk Security 101

Two academics betray highly ill-advised security practices when using the university's computer network

Page 2 of 2

Assuming that Professor B had simply forgotten to log out, I messaged the mystery person to let him know he was not logged in as himself. Hoping to hear, "Oops, sorry, I'll log out right away," I was shocked when he replied that yes, he knew he was logged in as Professor B. "I needed to get a file from Professor B, but he couldn't stay to give it to me, so he gave me his password."

The mystery student alleged that Professor B simply gave out his university password -- the same password that allowed access to his email, student rosters, student grades, and a number of other troves of sensitive data.

We immediately tried to get ahold of Professor B, but he must have been vacationing in the Bermuda Triangle. We forced the student to log off, explained to him why what had happened was very bad, and reported the incident to security so that they could watch for suspicious activity. At that point my supervisor took over and sent a doomsday email to Professor B demanding that he change his password immediately.

IT made me do it

It wasn't until late that night that we received an email from Professor B. He offered no apology, simply a couple of lines explaining it was IT's fault that he'd given out his password to the student because we'd neglected to give the student proper privileges at the beginning of the semester. By his reasoning, he was forced to share his password.

Apparently, this student was doing a sort of independent study with Professor B. This was the first we'd heard of that situation -- our records showed no request for any kind of class access for the student. And who knows why he thought the solution was to give out his own university password?

Meanwhile, my supervisor spoke with Professor A about why he was using the software outside of class and heard asome poor excuse about transferring a file to a student who was in the lab at the time. He was told again that it was an inappropriate use of the software, but my cynicism says it'll happen again (yes, we are keeping a record). Professor B had to change his password and got a scolding, but that was it. The only real change is that the sticky notes with passwords littering professor's desks seem slightly less bad to me now.

The moral of the story is that when a professor does something really stupid, it's IT's fault. Also, if someone gets Big Brother-like abilities, they're going to use them like it's 1984.

Send your own IT tale of managing IT, personal bloopers, supporting users, or dealing with bureaucratic nonsense to If we publish it, we'll send you a $50 American Express gift cheque.

This story, "Book smart, security stupid: Rogue professors flunk Security 101," was originally published at Read more crazy-but-true stories in the anonymous Off the Record blog at For the latest business technology news, follow on Twitter.

| 1 2 Page 2