Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Account Passwords
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- My Account/Billing
- :
- Account Passwords
Account Passwords
02-02-2016 11:35 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
I just contacted support about a house move and the support call handler requested two letters from my password as a security confirmation.
Absolutely nobody at Plusnet should be able to see any characters from my password, because it should be stored as a salted one-way cryptographic hash.
Here's how the conversation went.
OP: It's just a security question
ME: But you shouldn't know my password.
OP: It's only for your account security.
ME: but many people use the same passwords for different things.
OP: but how would I know that?
ME: You don't need to know it you can just try it
OP: How would I try it?
ME: You have my e-mail address, my name, my phone number, my actual address, a user name and my bank account details.
OP: yes but we can't use that. Everything we do here is monitored.
ME: but you could store that information in, say your brain and try it out later?
OP: er..well yes
ME: Is there anything else you can use as a security question?
and apparently there was...
So I did some searching online and found a worrying article from The Register http://www.theregister.co.uk/2015/11/25/plusnet_still_delivering_passwords_plaintext/ and several blog posts including some unsatisfactory responses from plusnet.
I am thinking of making a complaint to the ICO regarding improper storage of personal information, but as part of that process you need to try and contact the organisation concerned. This left me going around the support site in circles, there now seems to be no way to submit a support ticket? I don't want to hang about on the phone, but if I did there is no way that conversation would get me to the right person to ask about the technicalities of secure database storage.
So several things....
1) Never use your plusnet password for anything else (this is good practice anyway)
2) Don't give them letters from your password - they have other questions they can ask
3) How do I submit a support ticket these days?
Jan
BSc (hons) Soft. Eng.
Absolutely nobody at Plusnet should be able to see any characters from my password, because it should be stored as a salted one-way cryptographic hash.
Here's how the conversation went.
OP: It's just a security question
ME: But you shouldn't know my password.
OP: It's only for your account security.
ME: but many people use the same passwords for different things.
OP: but how would I know that?
ME: You don't need to know it you can just try it
OP: How would I try it?
ME: You have my e-mail address, my name, my phone number, my actual address, a user name and my bank account details.
OP: yes but we can't use that. Everything we do here is monitored.
ME: but you could store that information in, say your brain and try it out later?
OP: er..well yes
ME: Is there anything else you can use as a security question?
and apparently there was...
So I did some searching online and found a worrying article from The Register http://www.theregister.co.uk/2015/11/25/plusnet_still_delivering_passwords_plaintext/ and several blog posts including some unsatisfactory responses from plusnet.
I am thinking of making a complaint to the ICO regarding improper storage of personal information, but as part of that process you need to try and contact the organisation concerned. This left me going around the support site in circles, there now seems to be no way to submit a support ticket? I don't want to hang about on the phone, but if I did there is no way that conversation would get me to the right person to ask about the technicalities of secure database storage.
So several things....
1) Never use your plusnet password for anything else (this is good practice anyway)
2) Don't give them letters from your password - they have other questions they can ask
3) How do I submit a support ticket these days?
Jan
BSc (hons) Soft. Eng.
Message 1 of 2
(932 Views)
1 REPLY 1
Re: Account Passwords
02-02-2016 12:34 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Complaints procedure is here http://www.plus.net/support/service/policies/complaints_code_of_practice.shtml?source=keymatch
Good luck as this topic has been discussed to death here and Plusnet aren't going to change it.
Good luck as this topic has been discussed to death here and Plusnet aren't going to change it.
Ex - Plusnet Customer (2009 - 2023) now with BT
Message 2 of 2
(397 Views)
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page