Search
Back

Audit reveals abysmal security in state eLicensing system

State auditors harshly criticized a website used by licensed professionals across the state to apply for and maintain for credentials, saying accounts were easily hacked because of weak password requirements.

The Auditors of Public Accounts faulted the eLicensing system, which controls more than 600 different professional licenses, permits and registrations, for multiple security failures including one not disclosed in the audit because of its “sensitive nature.”

The Department of Administrative Services manages the eLicensing system.

The audit revealed that in a sample of 161 different users, there were only 17 different passwords and 103 of them used the same password. The auditors were able to “hack” into 155 of the 161 different users just by using a Google search.

According to the auditor’s report, the poor password controls could enable users to guess the passwords of other users and “it is likely that some would be successful” potentially allowing access to personal information.

Several issues were cited in regard to login and password information: there were no length or complexity requirements for passwords, the passwords never expire and people could use their login name as their password.

It also showed that none of the five state agencies that use the system had any written policies or procedures for “related to creating, modifying, or deleting user accounts.” This was cited as another potential security issue that could allow access to personal information. Ten active accounts were found for users who had been terminated from related employment for several years. There were also 190 active accounts that had never been used, according to the report.

The eLicense system, managed by DAS, handles licenses across a number of state agencies such as the Department of Health, Department of Consumer Protection and the Department of Agriculture.

The state of Connecticut has experienced unforeseen issues related to other online systems. The Department of Motor Vehicles’ rollout of a new online registration system in 2015 created long wait lines, false vehicle registration expirations and missing vehicle registrations from town property tax lists. The DMV is now also expanding its role in voter registration due to a federal mandate.

Groups as diverse as the Obama administration to Libertarian think-tanks such as the Institute for Justice have urged state lawmakers to pull back on professional licensing requirements, claiming they act as barriers to employment access. The White House, in a press release, stated “Research shows that licensing can not only reduce total employment in licensed professions, but also that unlicensed workers earn roughly 7 percent lower wages than licensed workers with similar levels of education, training, and experience.”

DAS agreed with the findings of the auditor’s and said they would try to update security issues related to the licensing.

State Troopers doubling pay with overtime due to staffing shortage, as state braces for mass retirements

An audit of the Department of Emergency Services and Public Protection found that 56 percent of state troopers singled out for review earned more than 100 percent of their base salary through overtime. “These employees’ base salaries ranged from $44,129 to $83,137, while overtime ranged from $50,968 to $190,677,” the ...

Read More

Gov. Lamont announces new website for Connecticut’s paid family and medical leave program

Gov. Ned Lamont announced in a press release a new website aimed at helping Connecticut residents navigate the state’s paid family and medical leave program, which is set to being in January of 2021. “No one should have to choose between caring for their family when they need it most, ...

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

SIGN UP TO RECEIVE OUR NEWSLETTER