cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Security issue

leonaplusnet
Newbie
Posts: 7
Registered: ‎11-01-2016

Security issue

‎13-01-2016 7:12 PM

Hi,
I have just signed up to plusnet
I got an letter today giving my account details.
What worries me is that part of my password is printed in the letter, passwords should not be retrievable, they should be encoded and salted and used to compare, Not decoded and part printed in letters, after TalkTalks hack this gives me great concern.
Also printed as 'Password Hint', I was never asked for one, nor is there a place to insert one in the control panel, but again instead of the password hint bring printed, part of the actual password is.
Thankfully I use a password generator to create my passwords so this password will not be used anywhere else, but I don't expect to see it decoded and printed in a letter!
This is bad practice Plusnet, stop it now!
Message 1 of 4
(1,374 Views)
0 Thanks
3 REPLIES 3
rmcg
Hooked
Posts: 8
Thanks: 4
Registered: ‎02-03-2017

Re: Security issue

‎02-03-2017 2:50 PM

I just logged in to post exactly the same thing. I had a call from PN to ask how I was enjoying the service so far and as part of the call they required me to confirm two characters from my password.

I was very surprised that the service rep had access to view my password and asked why this was the case. I told her that I would have expected passwords to be stored in a hashed and salted manner, and therefore there should be no way for her to confirm any password characters. She said that all PN reps could see the plain text passwords Sad

I suggested that this was pretty insecure and mentioned a couple of the well known telecoms data leaks. But it's okay she said... "we all have to log in with our own usernames and passwords before we can see yours, therefore it is very secure".

Really not feeling too confident in PN's security model. Are my bank account, personal details and credit card details also stored in plain text for any reps to view, and to be sucked up through a potential data leakage event????

I know this is a community forum but I also know that PN reps have a look now and again. Perhaps someone from PN could chime in and let us know what the thinking behind storing plain text passwords is?

Message 2 of 4
(655 Views)
0 Thanks
Mav
Moderator
Moderator
Posts: 22,392
Thanks: 4,736
Fixes: 515
Registered: ‎06-04-2007

Re: Security issue

‎02-03-2017 4:26 PM

@rmcg

JonoH replied to your post here.

Forum Moderator and Customer
Courage is resistance to fear, mastery of fear, not absence of fear - Mark Twain
He who feared he would not succeed sat still

Message 3 of 4
(635 Views)
0 Thanks
rmcg
Hooked
Posts: 8
Thanks: 4
Registered: ‎02-03-2017

Re: Security issue

‎02-03-2017 4:33 PM

Cheers, saw that.

Message 4 of 4
(627 Views)
0 Thanks