Discuss Scratch

leahcimto
Scratcher
1000+ posts

Student Account Default Passwords

When a teacher makes a student account, they have the choice to set the password for them (through .csv upload) or create accounts individually, where the password is set to the teacher's username automatically. Then, the user is forced to change the password after their first login.

This is insecure for many reasons, such as if a user finds a new student account, they can easily guess that that account's password will be the teacher's username, and if correct, gain access to the student account. The account would be empty, and easy to reset, but it would be a better practice to ask the teacher to choose a default password that would be used to prompt the student to change their password, instead of risking unauthorized access.

In the image below you can see that when a teacher adds a student their password is set to the teacher's username.


This also happens if the teacher chooses to reset their password using a password prompt on their next login.

Last edited by leahcimto (Jan. 8, 2024 23:56:30)
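As an added example, not part of the original post and not Scratch's own code: a provisioning-time check for the .csv upload path described above, which replaces any initial password that is blank, too short, or derived from the teacher's or the student's username with a random one. The CSV column names, the `mrs_rivera` teacher name and the function names are assumptions made for illustration.

```python
import csv
import io
import secrets

# Constructed roster; the column names are assumptions, not Scratch's real CSV format.
SAMPLE_CSV = """username,password
student_ana,mrs_rivera
student_ben,
student_cy,Mrs-Rivera2024
student_dee,plum-kettle-orbit-42
"""

def normalize(text):
    """Lower-case and drop punctuation so 'Mrs-Rivera' matches 'mrs_rivera'."""
    return "".join(ch for ch in text.casefold() if ch.isalnum())

def is_guessable(password, public_names, min_length=8):
    """True if the password is too short or overlaps a publicly visible name."""
    if len(password) < min_length:
        return True
    pw = normalize(password)
    for name in public_names:
        n = normalize(name)
        if n and pw and (n in pw or pw in n):
            return True
    return False

def provision(csv_text, teacher_username):
    """Build account records, replacing guessable initial passwords."""
    accounts = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        username = row["username"].strip()
        password = (row.get("password") or "").strip()
        replaced = is_guessable(password, [teacher_username, username])
        if replaced:
            password = secrets.token_urlsafe(9)  # 12 random URL-safe characters
        accounts.append({
            "username": username,
            "initial_password": password,
            "replaced": replaced,
            "must_change_on_first_login": True,
        })
    return accounts

if __name__ == "__main__":
    for account in provision(SAMPLE_CSV, "mrs_rivera"):
        print(account)
```
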

unmissable
Scratcher
1000+ posts

I was about to make a suggestion for this
SUPPORT, anyone can passguess accounts like this. What if a teacher makes a bunch of accounts but forgets to set the password of one?
ilikescratch7169
Scratcher
59 posts

Support. Students NEED to have their accounts secure at ALL times
unmissable
Scratcher
1000+ posts

Related to this, when a student is asked to change password I think it also resets to the teacher's username. I may be incorrect but I feel like this should also be added to the topic as it's similar enough
RecessFailsOffical
Scratcher
1000+ posts

Support for reasons in OP.
EDawg2011
Scratcher
1000+ posts

RecessFailsOffical wrote:

Support for reasons in OP.
That's unconstructive.
“Sorry, you have to wait 60 seconds between posts.”
EDawg2011
Scratcher
1000+ posts

unmissable wrote:

What if a teacher makes a bunch of accounts but forgets to set the password of one?
Adding to @unmissable's post, if a teacher makes a ton of accounts, they wouldn't need to spend nearly as much time.
leahcimto
Scratcher
1000+ posts

unmissable wrote:

Related to this, when a student is asked to change password I think it also resets to the teacher's username. I may be incorrect but I feel like this should also be added to the topic as it's similar enough
Yes, this is true. I'll add that to the OP with a screenshot.
-Rodri
Scratcher
1000+ posts

support because this would make things way easier for teachers and some school programs already do this.
106809nes
Scratcher
1000+ posts

leahcimto wrote:


*me realising my username has the initials of my school's name*

Semi-Support. It would get easier to hack student accounts and get them banned.
I'd say have an email sent to the teacher to log in.
ajskateboarder
Scratcher
1000+ posts

I'm going to note it's still quite hard to find teacher accounts without knowing the teacher's username, since those accounts aren't listed on class pages or individual student accounts. Still though, having the teacher choose an initial password for all students would obviously be more secure

Last edited by ajskateboarder (Jan. 9, 2024 00:12:53)

Crispydogs101
Scratcher
1000+ posts

Support. Security is important. Including school districts. In that case students can worry less about their work being ruined or even worse deleted.
unmissable
Scratcher
1000+ posts

ajskateboarder wrote:

I'm going to note it's still quite hard to find teacher accounts without knowing the teacher's username, since those accounts aren't listed on class pages or individual student accounts. Still though, having the teacher choose an initial password for all students would obviously be more secure
Nope!
By default, students follow teachers and vice versa (so they're extremely easy to find). I would know as my previous student account got passguessed because of this issue, and I only found out a few days ago.
106809nes
Scratcher
1000+ posts

Crispydogs101 wrote:

Support. Security is important. Including school districts. In that case students can worry less about their work being ruined or even worse deleted.

-Rodri wrote:

support because this would make things way easier for teachers and some school programs already do this.
guys-

106809nes wrote:

Semi-Support. It would get easier to hack student accounts and get them banned.
I'd say have an email sent to the teacher to log in.
leahcimto
Scratcher
1000+ posts

106809nes wrote:

Crispydogs101 wrote:

Support. Security is important. Including school districts. In that case students can worry less about their work being ruined or even worse deleted.

-Rodri wrote:

support because this would make things way easier for teachers and some school programs already do this.
guys-

106809nes wrote:

Semi-Support. It would get easier to hack student accounts and get them banned.
I'd say have an email sent to the teacher to log in.
I disagree because the point of the default password is so the student can set their own password, not for the teacher for them.
leahcimto
Scratcher
1000+ posts

bump
unmissable
Scratcher
1000+ posts

106809nes wrote:

Crispydogs101 wrote:

Support. Security is important. Including school districts. In that case students can worry less about their work being ruined or even worse deleted.

-Rodri wrote:

support because this would make things way easier for teachers and some school programs already do this.
guys-

106809nes wrote:

Semi-Support. It would get easier to hack student accounts and get them banned.
I'd say have an email sent to the teacher to log in.
Okay.
So you mean to say children with student accounts are dumber than children without student accounts? And that students won't make correct passwords?

Also, bump.
kkidslogin
Scratcher
1000+ posts

Support. This seems like a large security gap for students.
leahcimto
Scratcher
1000+ posts

bump
leahcimto
Scratcher
1000+ posts

bump
