Monday 21st April 2014Login | Register
Pages: [1]

PlusNet Login Details - Variation Please

« on 25/10/2008, 08:55 »
Hi,

to improve the security of both customer network and customer information, I would like to suggest that PlusNet have different username and password combinations for the ADSL router login and, or, account mangement.

At the moment, a router's username and password are too much like the customer's PlusNet account login. Either by design or, by user omission, not all routers are as secure at holding their information as they should be. Which I believe is a potential risk to all customer's data security. Furthermore, as everyone's personal domain names are shared in the public domain, it does not take rocket science to figure out one-half of the login combination!

From what I have seen elsewhere, PlusNet is probably the only ISP that has the same login values for router and customer administration.

Maybe customers could have the option to assign an alias login code for their ADSL router and, account management?

Regards,

Thunderclap

Edit: Thanks for your feedback guys. Indeed, my router of a well respected brand does indeed, store my PN password in clear text in the config.bak file. The issue is that although tech-heads may apply multi-layer asymetric DES encryption to just about everything in Middle Earth, the average family user will not even know what encryption is. Let alone why it is? I believe that by aggregating router login, customer account login and public domain names under the same value is not as secure as it could be for all users.

Thunderclap AKA Hey, you really think I'm going to give out my real PN name?


BTW I'd still recommend PN to a friend.

« Last Edit: 25/10/2008, 11:27 by Thunderclap »

Logged
  • Oldjim
  • Forum Moderator
  • Posts: 26261
  • View Profile
« Reply #1 on 25/10/2008, 09:48 »
i must admit to being a bit confused.
My router login is totally different and additional to the login for Plusnet ADSL service also the Plusnet login in the router is hidden - I don't know how easy it is to extract that.
Jim

Old Harry Rocks
Logged
  • CWNA
  • Posts: 4614
  • Quis custodiet ipsos custodes?
  • View Profile
« Reply #2 on 25/10/2008, 10:21 »
I can sort of see Thunderclaps point, many routers can backup their settings as a plain text file, this will include your ADSL username and password.

If you have left your router password as default and have remote administration enabled, it is possible to find another users portal login details.

But it does rely on not following basic security precautions, of changing your router password and only enabaling remote administration if it is required (and using as `secure` a password as possible).
CWNA ACMA VRCT
Logged
  • Oldjim
  • Forum Moderator
  • Posts: 26261
  • View Profile
« Reply #3 on 25/10/2008, 10:27 »
Your right - creating a backup with my [Censored] has everything in plain text

cp:green In hindsight best not to give out brand names. ][/color][/size]

« Last Edit: 25/10/2008, 10:34 by chillypenguin »

Jim

Old Harry Rocks
Logged
  • CWNA
  • Posts: 4614
  • Quis custodiet ipsos custodes?
  • View Profile
« Reply #4 on 25/10/2008, 10:38 »
Jim, I have removed the example brand name for our posts, as it isn't a great idea to publish which brands of router have this weakness feature.

I know that the brand we have discussed are aware of this `feature` as their professional versions don't save the passwords in the config file.
CWNA ACMA VRCT
Logged
Pages: [1]
Jump to:  

Related Sites

Community Apps

Here at Plusnet we're always trying to use clever open source things to make our lives easier. Sometimes we write our own and make other people's lives easier too!

View the Plusnet Open Source applications page

About Plusnet

We're a Yorkshire-based provider selling broadband and phone services to homes and businesses throughout the UK. Winner of the ISPA 2010 'Best Consumer Customer Service ISP' Award, we're proud to offer the UK's best value standalone broadband.

© Plusnet plc All Rights Reserved. E&OE

Powered by SMF | SMF © 2006-2008, Simple Machines LLC

Add to Technorati Favourites