An IT guy's view of SoFla Mass Transit IT infrastructure

Today I received an email from Tri-Rail with the information I needed about my EDP member account and to sign up for the EDP program.

The instructions tell me to do the following.  I was really surprised when I generated my new password with LastPass that the Member passwords have a maximum length limit of only 5 characters!  At least this is better than Sunpass' four character pin code limit.  This and the consistent wordpress SQL errors that display on the webpage lead me to believe that the TriRail website could use some technical review.

To register and access the online feature, please visit the website at www.tri-rail.com and follow these simple steps:

1. Click Employer Discount Program
2. Select Member Login.
3. Go to First Time Users Box and type account number, create password and answer one of the validation questions, then press enter.
4. You will returned to the EDP Login page. Enter the account number and password in the first login box to access your EDP Member home page.

Some SQL errors on the TriRail Website indicate it needs some IT TLC.  Which made me curious about a few other security aspects of the Tri-Rail website and EDP tools.

But you do not need to worry about the "F" grade from SSLLABS.COM for the Tri-Rail SSL Certificates, the TriRail Member Login page is not secured with https/ssl, you need to worry that your password and other information is in the clear.  Not that Tri-Rail is sending much private information about you other than name, address, salary range, age, gender, race.