cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

PSN and PN passwords

phil4
Grafter
Posts: 244
Registered: ‎13-12-2007

PSN and PN passwords

‎27-04-2011 12:56 PM

Hi,  the recent debalce over Sony "losing" peoples usernames and passwords leads me to a question that's been niggling in my mind for a while....
Why do PN support operatives want to know my password when I call up?  This makes me concerned that they can also see my password (thus then using it to check I am who I say I am).
Login to the portal is protected by SSL so that the password is sent encrypted, so why do the support staff need to see my password?
Does this therefore mean that once in a hacker would have a trivial time stealing it back?
Message 1 of 22
(2,783 Views)
Reply
0 Thanks
21 REPLIES 21
adamwalker
Plusnet Help Team
Plusnet Help Team
Posts: 16,872
Thanks: 882
Fixes: 221
Registered: ‎27-04-2007

Re: PSN and PN passwords

‎27-04-2011 1:16 PM

We ask  for characters from your password as this is a quick and efficient means of performing data protection checks. Also it's important we can see this in case customer's lose or forget their password.
I'd like to reassure you that passwords are protected and are secure. It's also worth bearing in mind that passwords aren't visible on accounts by default. Agents have access to a link to view the password, this access is logged which means that it's entirely accountable.
If this post resolved your issue please click the 'This fixed my problem' button
 Adam Walker
 Plusnet Help Team
Message 2 of 22
(822 Views)
Reply
0 Thanks
fourfourdevon
Grafter
Posts: 1,101
Thanks: 2
Registered: ‎10-09-2010

Re: PSN and PN passwords

‎27-04-2011 1:20 PM

I have raised this issue repeatedly, PN believe that being able to access passwords is fine.
I believe them to be wrong.
The passwords need to be stored as hashes and totally inaccessible to the staff.
As far as I am concerned this is a serious security over sight.
If and when customers forget their passwords, as I'm sure they do, there should be other mechanism for generating new passwords.
Message 3 of 22
(822 Views)
Reply
0 Thanks
adamwalker
Plusnet Help Team
Plusnet Help Team
Posts: 16,872
Thanks: 882
Fixes: 221
Registered: ‎27-04-2007

Re: PSN and PN passwords

‎27-04-2011 1:26 PM

Quote
there should be other mechanism for generating new passwords.

What form would you want to see this take if we did this?
If this post resolved your issue please click the 'This fixed my problem' button
 Adam Walker
 Plusnet Help Team
Message 4 of 22
(822 Views)
Reply
0 Thanks
Chris
Legend
Posts: 17,724
Thanks: 600
Fixes: 169
Registered: ‎05-04-2007

Re: PSN and PN passwords

‎27-04-2011 1:32 PM

FFD
It's not just the forgetting of passwords, we need to be able to dial test as customers on occassion and test webspace access, FTP, email etc. Without being able to do this would add a huge support overhead and IMO lead to more annoyed customers that we can't help fully.
Former Plusnet Staff member. Posts after 31st Jan 2020 are not on behalf of Plusnet.
Message 5 of 22
(822 Views)
Reply
0 Thanks
avatastic
Grafter
Posts: 1,136
Thanks: 2
Registered: ‎30-07-2007

Re: PSN and PN passwords

‎27-04-2011 1:32 PM

New passwords sent out by pigeon.
That way we could have a new password and pigeon stew.
Or something that only remains valid for 24 hours (after first use) and has to be changed by the user, given over phone/text/pigeon/etc.
F9 member since 4 Sep 1999
F9 ADSL customer since 27 Aug 2004
DLM manages your line the same way DRM manages your rights.
Look at all the pretty graphs! (now with uptime logging!)
Message 6 of 22
(822 Views)
Reply
0 Thanks
grudkin
Grafter
Posts: 169
Registered: ‎30-03-2009

Re: PSN and PN passwords

‎27-04-2011 1:40 PM

I don't believe this practice is uneque to plusnet!
Every ISP I have been with have asked for my password during calls I have made to them, Mobile phone networks are the same.
Message 7 of 22
(822 Views)
Reply
0 Thanks
fourfourdevon
Grafter
Posts: 1,101
Thanks: 2
Registered: ‎10-09-2010

Re: PSN and PN passwords

‎27-04-2011 1:56 PM

Mobile phone networks request a password which is the password for accessing those services (i.e. the password requested is the password for the service you are accessing) the Plusnet password is the password for a whole lot more.
New passwords could be SMS's, sent by email, or delivered over the phone by CALLING the accounts registered number, or indeed by any means previously confirmed to be a method to contact the subscriber.
Having worked in tech support myself, I think for the most part "being able to access the users account" is mostly specious, but when it really is needed sometimes, a password reset can be done.
Message 8 of 22
(822 Views)
Reply
0 Thanks
James
Grafter
Posts: 21,036
Thanks: 5
Registered: ‎04-04-2007

Re: PSN and PN passwords

‎27-04-2011 1:59 PM

44D - It's required a lot more than you would expect.
As a very rough guess, in the region of 5-10% of our calls are related to router setup, with a large proportion of those being down to forgotten passwords.
Whilst I appreciate your feedback and concern, our approach is unlikely to change.
Message 9 of 22
(822 Views)
Reply
0 Thanks
avatastic
Grafter
Posts: 1,136
Thanks: 2
Registered: ‎30-07-2007

Re: PSN and PN passwords

‎27-04-2011 2:00 PM

I thought the routers were self configuring now. Or are those only new/PN supplied ones that do that?
F9 member since 4 Sep 1999
F9 ADSL customer since 27 Aug 2004
DLM manages your line the same way DRM manages your rights.
Look at all the pretty graphs! (now with uptime logging!)
Message 10 of 22
(822 Views)
Reply
0 Thanks
James
Grafter
Posts: 21,036
Thanks: 5
Registered: ‎04-04-2007

Re: PSN and PN passwords

‎27-04-2011 2:03 PM

We still get a lot of customers who choose to keep their existing hardware when moving to us from another supplier.
The majority of our routers do self configure though.
Then you have the problem with people experiencing difficulties setting up email.  We can't then send them an email with their password and not everyone has a mobile.
I'm pretty comfortable that our approach is fairly normal - as it has been for my previous 3 ISPs.
Message 11 of 22
(822 Views)
Reply
0 Thanks
pierre_pierre
Grafter
Posts: 19,757
Thanks: 3
Registered: ‎30-07-2007

Re: PSN and PN passwords

‎27-04-2011 2:08 PM

or to put another way James if you did not check, I could phone in, give the persons username and do a right screw up of their account, then they would really start SCREAMING
Message 12 of 22
(823 Views)
Reply
0 Thanks
phil4
Grafter
Posts: 244
Registered: ‎13-12-2007

Re: PSN and PN passwords

‎27-04-2011 2:22 PM

Quote from: _Adam_Walker_
We ask  for characters from your password as this is a quick and efficient means of performing data protection checks.

Hi, I'd like to confirm this is incorrect, I have experience more than once, your support agents asking for my full password.
Though it seems the above is pretty irrelevant as you feel it is necessary to allow people access to passwords.
Just my opinion, but I disagree, and here's a little about why:
Through my professional experience I've come across scenarios before where people have told me that they "must know" the users passwords to do all manner of things.
Very easily we changed this, by hashing the passwords, and allowing the support people to reset them when needed.  That way no one ever needed to know anyone's password.
This system is now used by banks big and small, and has been through the SOX process also.
Quote from: Jameseh
I'm pretty comfortable that our approach is fairly normal - as it has been for my previous 3 ISPs.

While it may be "normal" it doesn't mean it's right thing to do.
Message 13 of 22
(823 Views)
Reply
0 Thanks
James
Grafter
Posts: 21,036
Thanks: 5
Registered: ‎04-04-2007

Re: PSN and PN passwords

‎27-04-2011 2:51 PM

May be worth adding that our support centre staff cannot see your full billing details.
Message 14 of 22
(823 Views)
Reply
0 Thanks
phil4
Grafter
Posts: 244
Registered: ‎13-12-2007

Re: PSN and PN passwords

‎27-04-2011 3:01 PM

That's a good thing.   Are they stored encrypted?  I hope so.
adie:quote
Message 15 of 22
(823 Views)
Reply
0 Thanks