That is pretty crazy. I've had instances at school where a group account was used. Each PC had a user account for a different class period, but the passwords were exactly the same and couldn't be changed. So I implemented my own protection strategy for my "group" account on this thing. My program kept logs of login times, and even prompted a second set of passwords and noted if they were correct or not. Of course you could ctrl+c past it, but it kept logs that I would check. But to make things worse, the "student folder" for each group was on a publicly accessable drive and it was a breeze looking at the work of other students anyways. So I set up a second set of protection, but it didn't quite work out since Explorer would complain about running "potentially unsafe" ActiveX controls... And then some kid asked me for some of my code, I gave him a small sample, and he recommended it to the teacher to protect the student's folder, claiming it as his own... Unfortunately this kid also thought he could put his password into a DB in MS Access and use the password mask to protect his password... I noticed that pretty much everyone in my class had an urge to beat him up one of these days...

On a different note, that is pretty scarry. Especially seeing parts of this myself in a school environment. The one thing I've seen people protect are the passwords to their hotmail account. There probably isn't a big enough incentive to protect anything else...