This healthcare facility has an external website that providers can log into to access information about patients that have been seen there, reports a pilot fish in the loop.
"Normally when we set up new users, we email them a standard form with their user ID and an initial password, which is not explicitly spelled out but is a combination of a unique letter/number phrase and part of their Social Security number, which is not in the email," fish says.
"But now the director in charge of setting up facilities for access has a new request: 'Set them up with access and an email account on our system, so that the login information is secure.'
"OK, how do they initially access that email account, which will only be used to send them one email, and will have the same initial password as the website?
"Of course, once they log into their email and change their password, the website credentials email will be wrong because that won't be their password any more..."
Sharky has a healthy hunger for stories. So send me your true tale of IT life at firstname.lastname@example.org. You'll score a sharp Shark shirt if I use it. Add your comments below, and read some great old tales in the Sharkives.
Get your daily dose of out-takes from the IT Theater of the Absurd delivered directly to your Inbox. Subscribe now to the Daily Shark Newsletter.