Reply to post: Security ignorance?

UK ruling party's conference app editable by world+dog, blabs members' digits

Anonymous Coward
Security ignorance?

There are only a few details about the problem, but it does seem that once you had 'signed up' to the conference app you could 'log back in' by just entering your email address (if it is true). I don't know how prominent any instructions were but it is a massive condemnation of everyone who used the app if they were not immediately struck by the implications of this. Of course some people were, and thought they might have a laugh about it.

Can't someone in Government or the Civil Service please write some simple guidance about what a proper security system should look like? Just the system for a basic access app, not access to the Bank of England or something serious*.

And it was NOT a trivial mistake. Apparently, when you had access you could send messages. How about Mr X messaging Mrs Y that "this is a good link... you will need to sign up though", where the link goes to some dodgy website.

*HINT: how strong is the password? How many failed attempts before locked out? For how long? Can they tell you what your password is if you have forgotten it?
