Originally Posted by
Alaska F/A
OK this will be my last comment on this topic as this clearly is a "general public" and "employee" issue (with only my coworkers seeing my side).
Can anyone tell me why *I* should feel comfortable with my (along with my coworker's) information on a website, a site meant for employees, yet that same site being accessed with no control to the opening screen(s) by the general public?
If it was up to me I would migrate the employee information site over to some newly named (and securely controlled) site which is password protected from the get go to reduce the ability of the general public to have access. Will this PREVENT a serious hacker? No (c'mon folks, I'm not THAT naive) but it certainly would slow someone down.
Why anyone in the general public feels an entitlement to access a site specifically for company employees is beyond me. This would be comparable to anyone here (non AS/QX employee of course) having their employee designated information site being read by any and all members of the general public with zero control as to who accessed the site.
Effective March 15th, this really is a moot point so I have nothing else to add except this. Others may disagree thinking there is some sinister reasoning behind it. I applaud the change wondering what took them so long.
Maybe we're missing something here, but I don't think so. Your personal information (name, SSN, pay, insurance specifics) are not currently available without some form of a password/login combo (whether that indicates secure or not is another question..). Currently accessible without login/pw is a bunch of generic information that is helpful to employees/etc of AS, and marginally useful to others outside the company. If this marginal information includes things like generic pay grades, insurance benefits, and so on (where there is no information that ties one person to it) then there is no personal information of yours accessible to me/bob/jane. Addition of a login requirement for this marginal information in NO WAY improves the security of your personal information. You'll still need your original personal login information to access your personal info.
Now, if the case is that currently I can hop skip and click my way into the website and get all your personal information without any form of identification then yes, a login should be required. BUT THIS IS NOT THE CASE. If I am wrong please correct me and prove it to me.
Personally, I don't care if they restrict alaska world or not. However, I think that Alaska F/A is grossly misinformed as to the security of your data - it is unfortunate that you've been the victim of identity theft but it is most likely due to incorrect assumptions exactly like the ones I think that you're making above - ones that many many many people make.
**and a note on the marginal information including pay grades - for many companies and govt this is widely available and relatively inconsequential to people's lives if it is known or not. However, if every pilot made x and only made x, and every FA made y and only made y, perhaps a different case could be made but I suspect that pay grades are dependent on more things than simply title (ie hours worked, for one).