LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Wednesday, 14-Apr-2021 02:52:30 UTC
I should explain the “insecure-but-required” part.
One time when I was off-work, they instructed me that I had to do job searches on the #CalJobs site as a condition of receiving unemployment insurance benefits. I went to the site and found that I had once created an account. I knew neither the username nor password.
I clicked a link for forgot username and entered something they requested. I wound up on a page that had the names, usernames, and #SSN of everyone who had joined the site while living in the same municipality.
From there, I found my username, which (together with SSN) was enough to bring me to a page that showed me my password.
This was years ago. I immediately used the site’s contact information to inform them what I’d found, but they did not respond. And in fact, the whole process was repeated a few years later. I’d like to think they have since changed this, but previous experiences have convinced me that they will never change until there is a major data breach traceable to the software.
(Multiple state “Job Service” agencies have this same software running their sites; software produced by “Geographic Solutions, Inc”.)