Get this, in DeVry's infinite stupidity they actually thought that using your birth date as your password was s good idea. Well, it's actually worse then that. They use the form mmyy, so as long as someone knows your d-number, approximate age and what month you were born, they could get into your account.
So let's see here, in every class they pass around a piece of paper with everyone's d-numbers, so that's not a problem. After you have a camera pic of everyone's d-number it's a matter of guessing their age which is about 10 years ( between 20-30 ), and a month, which is any of 12 possibilities. I know their site doesn't have a max attempt hook on it, so it's a matter of brute force.
The sad part is that they don't make any attempt to make it harder. They don't force you to change your password when you first login, and most of their systems don't use any kind of central auth mech. If a persons birth day is posted anywhere where someone else at school can see it ( facebook friends? ), then you're screwed.
I really have to wonder how DeVry can square itself with this and still call itself a viable source of higher education.
No comments:
Post a Comment