Good day, all. I have a particular use case that's a little sticky when it comes to security. I have a client who runs a day care center. They use iPads in each classroom to log into a hosted database that controls lots of workflow for the center - checking children in / out, logging meal activity, etc. Right now, the security is set up with a single account for each room, and all such accounts share a common password. All staff know the common password, and therefore can log into any room they wish.
Now, my first reaction was to recoil like Dracula before garlic. However, the client insists that the staff log in as the room number because they need to have quick access to the system in case they need to get to emergency information about the child. Therefore, she doesn't want staff to have to log out and log back into the system, as staff can change frequently throughout the day. So essentially, it works like a kiosk - with the significant difference that the staff can actually alter data in the system.
So what I'm looking for is ideas for the best way to handle this. Her server admin already hired a pen test company, who quite easily broke in using the uber-simple password and were able to see and manipulate data for any classroom they wanted. Obviously, we can change the password to something less fragile, but you still have the shared password problem.
Has anyone run into this before? What's the best way to handle a system that operates like a kiosk, but with the ability to alter data?