Tyler Kendall and Isabel Lawrence
Editors-in-Chief
NCHS instructed all students to immediately reset their passwords for PowerSchool, Moodle, Destiny, Google Apps, Digication, and Naviance accounts on Thurs. May 16. This change was brought about as a safety precaution for the privacy of students as well as by the need to maintain secure technological habits, according to NCPS Technology Director Robert Miller.
Although administration encourages password resets once or twice per school year, this password change was spurred by students’ ability to access classmates’ computer log-ons and PowerSchool accounts. Junior Jacob* was one of the students who learned how to do this. “It’s easy,” he said. “All you do is search your name and say New Canaan High School student ID and it comes up. Then you go in PowerSchool and you type in their name and ncps-student ID.”
This easy availability of student IDs alarmed some students who were not aware their grades could be easily accessed, according junior Ralph*. “One day when I was in the library, a couple people were showing me this thing on the computer where they googled peoples names and you could see their student ID,” Ralph said. “Considering at the time the way to access your PowerSchool was through your student ID, I felt kind of uncomfortable. I was unsettled about someone eventually accessing my grades just because I felt that that was kind of private.”
The administration was approached by students who felt the faculty should be alerted to this capability. Dr. Miller credits these students with helping correct the problem. “We identified through some students a vulnerability with the passwords that were out there,” he said. “And anytime that we identify a vulnerability to our system, we take every precaution necessary to secure it.”
The vulnerability that was identified was the fact that student IDs were available online. Dr. Miller and his staff worked to ensure this information was no longer public knowledge. “[Finding IDs online] was part of the security breach that we had. That was an error in how some piece of our network was set up,” he said. “It has been fixed already and we’ve worked so that data is no longer available publicly on the internet. Both the internal piece and the public knowledge of how to access that data has been eliminated.”
In addition to taking the student IDs down, the passwords were changed to prevent any future security breaches. “If
we felt that the passwords had become compromised to some degree, which they were, we took the steps to change passwords and initiate what we call a forced password reset,” Dr. Miller said. “They couldn’t use the old password and [the new password]had to have at least eight characters so it would be more secure.”
Although the changes may have caused confusion, Principal Dr. Bryan Luizzi understands the importance of refreshing log-ins. “It is good practice to do it periodically, so we figured itf we’re going to go through the chaos, we might as well get it all done,” he said. “I know for some folks it’s the end of the year and they’re seniors, they want to get out, but it’s good to do it and I think a lot of people were using the same passwords with Google just because it’s easier, I always do. So to have them change it in one place, it’s probably good to have them change it everywhere.”
This chaos can be caused not only when students discover other peoples’ log-ins, but when students give their log-in information to friends, which violates the accepted use policy according to Dr. Miller. “The important thing to realize is any time you try to use somebody else’s password, regardless of how you obtained it, you are violating a code of ethics we have here in the school as students and as teachers. It’s a security breach.”
Although this was a security breach, Dr. Luizzi does not believe it was widespread. “I do not think it’s been a problem. I really don’t,” he said. “I think that students are pretty responsible, and just because they can, doesn’t mean that they did. We really don’t have any reports of anything going wrong or going missing or anything like that. This has come to our attention so we want to do something about it immediately instead of hoping that nothing does happen.”
Junior Arthur, who knew how to obtain other students’ passwords, did not see the problem as having come out of malicious intent. “I think people were just curious,” he said. “We’re not trying to do anything bad or make them feel bad about themselves, but we’re just curious about people’s grades I guess, like what they get.”
Junior Anthony* used the grades to help him in the college process. “I used it to compare myself to seniors that are going to my top school,” he said.
Despite the conflict, the administration is proud of the way the student body reacted with honesty. “That shows high character and high value structure of our students here, that they would be willing to come to us and share with us a problem that they’ve identified,” Dr. Miller said. “And that’s a wonderful culture, a wonderful school community to be part of.”
*Name has been changed
