I recently discovered that 2 individuals can log into the same canvas account, and while one is taking a quiz (where # of attempts = 1), the other can enter the same quiz while it's being taken. We had an incident where a student went into the quiz of another student, took pictures of all the test questions, exited the quiz undetected, and sent the pictures to other students through text. I reported this to Canvas and was told that # of attempts only changes to 0 after the quiz is submitted - which in this case it was not. So in another example, a student can use the back arrow to leave a quiz without submitting, and then Resume it at a later time, undetected, because # of attempts remains 1. The only way to know these things happened is by reviewing the activity log for each student, for each quiz.
When i report this issue to Canvas, the response was to buy a 3rd party browser lockdown product like Respondus.
Does anyone have another solution or workaround for what I consider a significant flaw in Canvas?