
Ironically, this system resulted in lots of insecurity.

Password resets were so common the govt agency OUTSOURCED them - and you just had to provide your username to get it reset. Literally, you called and said I need a password reset for account X, and they gave you a temp password over the phone.

I never complained about how easy this was because this was a CRITICAL feature. Sometimes we didn't even know why a password wasn't working - so after you got done with whatever client came in you called the number and got a new one.

So it's really security theatre + the security provided by the massive annoyance of setting up old Internet Explorer to log in and all the other silliness (which really was security, we were not alone in struggles, they kept on having to do paper backup systems when stuff went down).

I often thought that a hacker could probably make all our lives easier by figuring out a way around the double VPN.

This was a long time ago though (10+ years) and I have to believe it's better now.



In healthcare ten years doesn't even cover the original rollout you may be complaining about...



