- From: Dan Poltawski <dan@moodle.com>
- Date: Thu, 2 Oct 2014 00:11:40 +0100
- To: Anne van Kesteren <annevk@annevk.nl>
- Cc: WHATWG <whatwg@lists.whatwg.org>

On 1 October 2014 22:30, Anne van Kesteren <annevk@annevk.nl> wrote:
> Could you explain the situation in a bit more detail? Is the problem
> that multiple users are behind the same computer? As it seems someone
> is more likely to get my password by "shoulder surfing" if I type it
> in while they watch vs my password manager filling it automatically.

No, different computers.

Our software (Moodle) is a learning management system used in teaching environments. Throughout the software there are fields which a teacher would not want every student to see, say they needed to change something quickly in the settings whilst projecting in a lecture hall. For those fields we have a password field.

The data in those fields are stored in plain text and shared between multiple teachers (multiple accounts), so when another teacher comes along - they could access it. There is a scale of severity of the data in there - from real passwords to external systems to a shared 'enrolment key' which is a passphrase which might be shared with some students but not others.

Here is an example from a bug report we got:

"1. Firefox "accidentally" filled in the enrolment key field with some personal information. The teacher didn't know because it just filled with stars
2. They saved it
3. Another teacher came along and hit 'unmask' and their personal information was revealed"

Received on Wednesday, 1 October 2014 23:12:26 UTC