[fooqux]

> Not very sophisticated, but very effective, glad they shut him down but we really need to teach basic internet security in schools.

They could start by following basic security. My kid's school sets everyone's passwords to various forms of "temp123" (same password for every kid) and often talks about them in cleartext. It sets a very bad example, and it occasionally gives me hives just thinking about it.

[throenabout]

A friend worked at a UK government site that one week complained about an increase in "Russian" attempted intrusions and literally the next week issued an instruction in an unsigned email to all staff to change their password to a new password given in plaintext in the email.

The instruction, they thought, had to be a poor phishing attempt - but no, it was a genuine email from the IT department and the friend was punished (!!) for questioning the instruction and not immediately complying.

It may not have been the same password across the organisation but their's was reportedly word based and quite short.

[pier25]

I worked at an ed tech company that provided services for schools and this was very common in my experience.

Schools wanted to store the students' passwords in clear text in an excel basically to get less complaints from parents.

Students didn't store their password after logging in. If they needed to log in again they did not know (or did not care) how to reset their passwords. Then the problem would fall unto the parents which would then complain to the school.