CareerCon

Today(11/18/2025) my school hosted a career fair, and I had a funny little security/tech moment at one of the booths. The rep asked me to sign in to their system using Handshake. My email worked, but my password kept failing. To double-check, I logged into the official Handshake site in front of her and showed that my password was correct there, so I knew the issue wasn’t on my side. As I kept trying to log in, I asked her, “Where are you actually getting this email and password from?” She said something like, “Oh, they send it to us and then we send it to IT and then to the site.” That didn’t really answer my question, so I kept digging because I wanted to understand their credential pipeline and how they were validating my password. Eventually she mentioned that they get the password from John Jay. That’s when it clicked: “Oh, you’re using my school credentials, not my Handshake credentials.” So I tried logging into the VMock site (the one they actually wanted me to use) with my school password instead of my Handshake password and it worked immediately. I walked her through my thought process, and it suddenly made sense to her too. She was also surprised that I knew how to use the browser’s developer tools to reveal the hidden password field and prove what I was typing. Overall, it was a cool little experience that combined a career event, some basic security awareness, and a bit of troubleshooting and I thought it was worth sharing.