cancel
Showing results for 
Search instead for 
Did you mean: 

Login Failures - follow up to post in service info board

Highlighted
Rix
Newbie
Posts: 2
Thanks: 1
Registered: ‎14-03-2011

Login Failures - follow up to post in service info board

There is a post on the service info board about there being login failures due to certain special characters not being accepted in the password field of the new login form.

The post goes on to advise that customers should reset their passwords and avoid these characters.

I am sorry but this is absolutely unacceptable. An "upgrade" or "refresh" should not break existing functionality this is an absolute in application development and only demonstrates a lack of regard to best practice and hence programming discipline, testing and managerial oversight of your development team. As a former developer myself, I am shocked that such an error has been allowed to be propogated into a live system, let alone a customer facing system that irredemiably locks the customer out of their account!

To suggest a password reset, without a reminder of the implications at the very least, is crass beyond belief. The account password is used everywhere. Well not quite, but the consequences of changing it are wide ranging.  Apart from being used to log into the customer account portal, the same password is used for the customer's router login.  Change the password and suddenly no internet - and no access to find an explanation and resolution.  Oops!  Suddenly CS telephones begin to ring [except they don't because you no longer provide 24/7 support, another source of frustration].  Not only is the router locked out until the password is reset but the password is used for the default email account. So now the frustration of finding where to change the password in all the email clients on all your varied devices.  Inconvenient is hardly an adequate description is it?

I sincerely hope the fix is completed by Monday, although had such a grossly negligent piece of coding been allowed to slip past the checks and testing at my previous place of employ there would have been copious consumption of coffee [other caffeine laden beverages were also available] and work would have continued throughout the night and the weekend, at least until a servicable workaround was in place - e.g. a rollback or access to the previous portal page.

Passwords generated by a random password generator, that include special characters, have been a fundamental part of my password strategy for many years. I have no intention of reducing the possible password combinations by excluding otherwise valid special characters.  That checks were not done to ensure that those characters chosen to be excluded were not already in use by any of your 3/4 million customers beggars belief.

By the way, the same bug also affects the login to these forums - it took me 15 seconds to test.

3 REPLIES 3
Community Gaffer
Community Gaffer
Posts: 3,165
Thanks: 5,285
Fixes: 107
Registered: ‎29-09-2011

Re: Login Failures - follow up to post in service info board


Hi @Rix and thanks for your feedback. I'll answer your points below, whilst making sure your views reach the relevant people.

 

@Rix wrote:

I am sorry but this is absolutely unacceptable. An "upgrade" or "refresh" should not break existing functionality this is an absolute in application development and only demonstrates a lack of regard to best practice and hence programming discipline, testing and managerial oversight of your development team. As a former developer myself, I am shocked that such an error has been allowed to be propogated into a live system, let alone a customer facing system that irredemiably locks the customer out of their account!

We're absolutely in agreement that this shouldn't have happened, but we're only human and sometimes we make mistakes. We will of course profile this incident and look into how this happened and what testing we did that missed it.

 

To suggest a password reset, without a reminder of the implications at the very least, is crass beyond belief. The account password is used everywhere. Well not quite, but the consequences of changing it are wide ranging.  Apart from being used to log into the customer account portal, the same password is used for the customer's router login.  Change the password and suddenly no internet - and no access to find an explanation and resolution.  Oops! 

When you change your password, it will automatically, if you're connected to the internet change your router's password.

We also warn about it, quite clearly here before you change the password

PWR.png

And after you submit a warning box comes up saying

 

PWRW.png

We even provide a guide for them to view before changing the password in the event that their router isn't connected.

 

Not only is the router locked out until the password is reset but the password is used for the default email account.

So now the frustration of finding where to change the password in all the email clients on all your varied devices. 

As frustrating as that can be, webmail remains usable if customers absolutely need immediate access to their mail, or they can follow one of the client set up guides on these boards or elsewhere as we've already established that they will have access to the internet.

 

Inconvenient is hardly an adequate description is it?

It's a pain I grant you, and it's certainly an inconvenience that customers shouldn't have to experience, but personally, I don't think it's as bad as you are making out here.

 

I sincerely hope the fix is completed by Monday,

The fix has actually rolled now, we baked in a little extra time, as is prudent in case upon investigation further difficulties/testing issues arose. Imagine if we'd have said it would be rolled by 11:30am Friday, and it hadn't had been.

 

By the way, the same bug also affects the login to these forums - it took me 15 seconds to test.


Interesting, my password contains special characters and works fine. I'll test a few variations. Thanks for letting me know.

 Jono H
 Plusnet Community Manager
Superuser
Superuser
Posts: 14,503
Thanks: 5,505
Fixes: 31
Registered: ‎22-08-2007

Re: Login Failures - follow up to post in service info board

When you change your password, it will automatically, if you're connected to the internet change your router's password.

Am I correct in believing that is only true for Plusnet routers supplied direct to the account holder and registered on the account?

In other words, if the user has their own router or has acquired a Plusnet router previously used by and still registered to another account, the password will not be updated automatically?

Plusnet Help Team
Plusnet Help Team
Posts: 285
Thanks: 54
Fixes: 18
Registered: ‎25-02-2019

Re: Login Failures - follow up to post in service info board

Hi @Townman,

 

That's correct, it will automatically update the password if you have a Plusnet router. If a user has a third party router, they will have to update the router manually with the new password.

If this post resolved your issue please click the 'This fixed my problem' button
 Faris N
 Plusnet Help Team