Wednesday, August 28, 2013

Blackbaud Passwords

Rivermont just switched its online academic portal to Blackbaud, also known as NetClassroom. Being me, I forgot my password the second day and therefore requested that it be reset. I was sent to the Dean of Students, who administrates the portal. She logged into her administrative interface, found my account, and... read my password to me out loud. Blackbaud stores user passwords in plain text. Administrators can read all students' passwords. That's not really a concern for me, since I rarely reuse passwords, but it allows said admins to possibly compromise those students' accounts on other services. Also, if Blackbaud's authentication database gets hacked, that hacker will have easy (read: instant) access to the students' accounts. IT directors considering a new academic portal: Don't use Blackbaud; not only is its interface difficult, but it has no consideration for password safety. (Also, curious fact: It makes you set three security questions but doesn't let you use them to reset your password and, as far as I can tell, they don't do anything at all anywhere.)
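For contrast with the readable password field described above, here is a sketch of salted, slow password hashing with a reset flow that never reveals the old password. It is an added example, not Blackbaud's code; the account name, sample password, function names and PBKDF2 iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample row: roughly what a plaintext table exposes to an admin screen.
PLAINTEXT_DB = {"student1": "hunter2-sample"}

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor; tune for your hardware


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_record(password: str) -> dict:
    """What the database should hold instead: a per-user random salt and a slow hash."""
    salt = secrets.token_bytes(16)
    return {"salt": salt.hex(), "hash": _derive(password, salt).hex()}


def verify(record: dict, candidate: str) -> bool:
    """Re-derive from the stored salt and compare in constant time."""
    expected = bytes.fromhex(record["hash"])
    actual = _derive(candidate, bytes.fromhex(record["salt"]))
    return hmac.compare_digest(actual, expected)


def admin_view(db: dict, user: str) -> str:
    """Everything an administrator, or someone who copies the table, can read."""
    return repr(db[user])


def admin_reset(db: dict, user: str) -> str:
    """Forgotten password: the old one cannot be looked up, so issue a random
    temporary password and flag the account to force a change at next login."""
    temp = secrets.token_urlsafe(12)
    db[user] = {**make_record(temp), "must_change": True}
    return temp


if __name__ == "__main__":
    print("plaintext row:", PLAINTEXT_DB["student1"])
    hashed_db = {u: make_record(p) for u, p in PLAINTEXT_DB.items()}
    print("hashed row:   ", admin_view(hashed_db, "student1"))
    print("login ok:     ", verify(hashed_db["student1"], "hunter2-sample"))
    print("temp password:", admin_reset(hashed_db, "student1"))
```

Because each record gets its own salt, two students who pick the same password end up with different stored hashes, so a copied table does not reveal password reuse.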
