SSN-based UserID and Password

With the increased awareness of data security, it seems unthinkable that in 2009, a company would be so careless as to setup an internet-accessible website where user id and passwords would be based on social security numbers (SSN).

EideBailly, which bills itself as a top 25 CPA firm in the US, describes its new login procedures where the password is derived from the user id, and both are based on the employee's SSN.
***Please note new login procedures*** [emphasis from source document]

Enter your social security number as the User Name and last four digits of that same number as your PIN. Click on the “Log in” button. A new screen will open to “Set Up Your New Account.” In the User Name and Password field, type in a unique User Name and password. The password is case sensitive and must contain at least six characters, one of which must be a number. Enter an e-mail address to be used if you lose your password. Enter a security question and answer. Click on “Create the User.”
Src: EideBailly Employee Benefits Login Page

No comments: