cancel
Showing results for 
Search instead for 
Did you mean: 

PSN and PN passwords

phil4
Grafter
Posts: 244
Registered: ‎13-12-2007

PSN and PN passwords

Hi,  the recent debalce over Sony "losing" peoples usernames and passwords leads me to a question that's been niggling in my mind for a while....
Why do PN support operatives want to know my password when I call up?  This makes me concerned that they can also see my password (thus then using it to check I am who I say I am).
Login to the portal is protected by SSL so that the password is sent encrypted, so why do the support staff need to see my password?
Does this therefore mean that once in a hacker would have a trivial time stealing it back?
21 REPLIES
Plusnet Help Team
Plusnet Help Team
Posts: 13,536
Thanks: 252
Fixes: 69
Registered: ‎27-04-2007

Re: PSN and PN passwords

We ask  for characters from your password as this is a quick and efficient means of performing data protection checks. Also it's important we can see this in case customer's lose or forget their password.
I'd like to reassure you that passwords are protected and are secure. It's also worth bearing in mind that passwords aren't visible on accounts by default. Agents have access to a link to view the password, this access is logged which means that it's entirely accountable.
If this post resolved your issue please click the 'This fixed my problem' button
 Adam Walker
 Plusnet Help Team
Community Veteran
Posts: 1,101
Registered: ‎10-09-2010

Re: PSN and PN passwords

I have raised this issue repeatedly, PN believe that being able to access passwords is fine.
I believe them to be wrong.
The passwords need to be stored as hashes and totally inaccessible to the staff.
As far as I am concerned this is a serious security over sight.
If and when customers forget their passwords, as I'm sure they do, there should be other mechanism for generating new passwords.
Plusnet Help Team
Plusnet Help Team
Posts: 13,536
Thanks: 252
Fixes: 69
Registered: ‎27-04-2007

Re: PSN and PN passwords

Quote
there should be other mechanism for generating new passwords.

What form would you want to see this take if we did this?
If this post resolved your issue please click the 'This fixed my problem' button
 Adam Walker
 Plusnet Help Team
Community Gaffer
Community Gaffer
Posts: 17,667
Thanks: 659
Fixes: 163
Registered: ‎05-04-2007

Re: PSN and PN passwords

FFD
It's not just the forgetting of passwords, we need to be able to dial test as customers on occassion and test webspace access, FTP, email etc. Without being able to do this would add a huge support overhead and IMO lead to more annoyed customers that we can't help fully.
If this post resolved your issue please click the 'This fixed my problem' button
 Chris Parr
 Plusnet Staff
Community Veteran
Posts: 1,136
Thanks: 2
Registered: ‎30-07-2007

Re: PSN and PN passwords

New passwords sent out by pigeon.
That way we could have a new password and pigeon stew.
Or something that only remains valid for 24 hours (after first use) and has to be changed by the user, given over phone/text/pigeon/etc.
F9 member since 4 Sep 1999
F9 ADSL customer since 27 Aug 2004
DLM manages your line the same way DRM manages your rights.
Look at all the pretty graphs! (now with uptime logging!)
grudkin
Grafter
Posts: 169
Registered: ‎30-03-2009

Re: PSN and PN passwords

I don't believe this practice is uneque to plusnet!
Every ISP I have been with have asked for my password during calls I have made to them, Mobile phone networks are the same.
Community Veteran
Posts: 1,101
Registered: ‎10-09-2010

Re: PSN and PN passwords

Mobile phone networks request a password which is the password for accessing those services (i.e. the password requested is the password for the service you are accessing) the Plusnet password is the password for a whole lot more.
New passwords could be SMS's, sent by email, or delivered over the phone by CALLING the accounts registered number, or indeed by any means previously confirmed to be a method to contact the subscriber.
Having worked in tech support myself, I think for the most part "being able to access the users account" is mostly specious, but when it really is needed sometimes, a password reset can be done.
James
Grafter
Posts: 21,036
Registered: ‎04-04-2007

Re: PSN and PN passwords

44D - It's required a lot more than you would expect.
As a very rough guess, in the region of 5-10% of our calls are related to router setup, with a large proportion of those being down to forgotten passwords.
Whilst I appreciate your feedback and concern, our approach is unlikely to change.
Community Veteran
Posts: 1,136
Thanks: 2
Registered: ‎30-07-2007

Re: PSN and PN passwords

I thought the routers were self configuring now. Or are those only new/PN supplied ones that do that?
F9 member since 4 Sep 1999
F9 ADSL customer since 27 Aug 2004
DLM manages your line the same way DRM manages your rights.
Look at all the pretty graphs! (now with uptime logging!)
James
Grafter
Posts: 21,036
Registered: ‎04-04-2007

Re: PSN and PN passwords

We still get a lot of customers who choose to keep their existing hardware when moving to us from another supplier.
The majority of our routers do self configure though.
Then you have the problem with people experiencing difficulties setting up email.  We can't then send them an email with their password and not everyone has a mobile.
I'm pretty comfortable that our approach is fairly normal - as it has been for my previous 3 ISPs.
pierre_pierre
Grafter
Posts: 19,757
Registered: ‎30-07-2007

Re: PSN and PN passwords

or to put another way James if you did not check, I could phone in, give the persons username and do a right screw up of their account, then they would really start SCREAMING
phil4
Grafter
Posts: 244
Registered: ‎13-12-2007

Re: PSN and PN passwords

Quote from: _Adam_Walker_
We ask  for characters from your password as this is a quick and efficient means of performing data protection checks.

Hi, I'd like to confirm this is incorrect, I have experience more than once, your support agents asking for my full password.
Though it seems the above is pretty irrelevant as you feel it is necessary to allow people access to passwords.
Just my opinion, but I disagree, and here's a little about why:
Through my professional experience I've come across scenarios before where people have told me that they "must know" the users passwords to do all manner of things.
Very easily we changed this, by hashing the passwords, and allowing the support people to reset them when needed.  That way no one ever needed to know anyone's password.
This system is now used by banks big and small, and has been through the SOX process also.
Quote from: Jameseh
I'm pretty comfortable that our approach is fairly normal - as it has been for my previous 3 ISPs.

While it may be "normal" it doesn't mean it's right thing to do.
James
Grafter
Posts: 21,036
Registered: ‎04-04-2007

Re: PSN and PN passwords

May be worth adding that our support centre staff cannot see your full billing details.
phil4
Grafter
Posts: 244
Registered: ‎13-12-2007

Re: PSN and PN passwords

That's a good thing.   Are they stored encrypted?  I hope so.
adie:quote