John Muir Health

I visited the doctor yesterday, and was told that they have a new online portal to use to interact with them, including retrieving test results and the like. I was encouraged by the enrollment process: they gave me a form with a 15-character activation code to establish my account. This was significantly better than similar systems I have been asked to enroll at in the past.

After entering my enrollment code, birth date, and postal code, I was able to create an account. But imagine my disappointment when I reached the requirement to provide the answer to a “security” question. Here were the choices:

Screen Shot 2019-04-11 at 5.25.15 PM

The answer to many of these questions is readily available (high school graduation date and mascot and undergraduate college, for example). For many people, whose wedding pictures are on Facebook, the location of their wedding reception is not a very well kept secret. And how much entropy would many of these questions (such as musical genre) have?

As is often the case, I don’t have a clue about how these questions/answers will be used: to reset a password, or will additional evidence be required for that? So, as usual, I gave a non-answer to one of the questions and continued.

The final disappointment was that there seems to be no option for two-factor authentication. Health data is often among the most sensitive data about a person, and there’s no excuse for a standard health portal not to have two-factor authentication at least as an option.

By the way, since I will never be using this as a security answer, my high school “mascot” is the Mountaineer.


Published by

Jim Fenton

I'm a networking technologist who likes to travel, bicycle, run, and various other things.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s