I can’t wait to see the results once you are all healed up ♥️

Signal is great. I have been using it for a long time.

Another one we worked with had someone come in off the street saying they worked there and everyone agreed they did and handed over all the info payed them for it (that was a fun phone call I was on as the management company figured it out in real time).

One facility we worked with got hacked because someone called from the Middle East and told an employee they could help with residents if they have their user name and password.

It’s specifically nursing homes in the US, most are quite bad and are a revolving door of employees. Some facilities have people in charge who don’t know how to do anything but agree to work for little pay so their management company looks the other way.

One capital letter, one special character, and one number, with a minimum of 8 characters. Yep, it was insane for a healthcare records website.

😫 I want to take your photos so badly. You look amazing.

Seems to be. I just got kicked off of what I was working on. 🫤

Hey friend 🙌 just leave your last post as a link to your other social media accounts so you don’t lose any friends.

Resetting passwords through email and logging in through email are the same thing. That’s why my company just moved to magic links after finding most users were resetting their password every day. Plus, it not like 404 Media are protecting super sensitive data that requires robust security.

I’ve found security issues in larger systems, and even if someone were to gain access to our system, they would have no payoff. We handle infectious disease tracking and reporting and CMS compliance for nursing homes. Most of the data is publicly available on the CMS and CDC’s websites.

In theory, a user’s email could be compromised, but that would be the responsibility of the user’s company’s security. Our security is far stronger than that of larger health record systems.

They have one try within 5 minutes to get the code correct on the screen before it expires. We also have custom security setups with different companies, such as IP blocking.

There is no way to get to the screen to enter the code without entering an email first, and the IP address of the person who entered the email must match that of the person entering the code.

Good point, but I simplified it a bit. In our system, the user requests an access code by entering their email; they are then taken to a screen to enter a code that is emailed to them.

A year ago, our healthcare company ditched passwords for magic links. We're likely one of the first in healthcare to do so. Insecure passwords & daily resets were common among nurses due to forgetfulness. Since switching, we've had zero issues.

Done

After seeing the ad I captured as much info as possible due to how ridiculous it was. While checking Facebook early in the morning, after taking my dogs out, I did not expect to be served an explicit ad. I uploaded everything to my Dropbox. NSFW - Start with README.MD www.dropbox.com/scl/fo/5ummi...