cancel
Showing results for 
Search instead for 
Did you mean: 

Plusnet password visible to call centre staff

Anonymous
Not applicable

Re: Plusnet password visible to call centre staff

@'Tulner' - So if I understand you correctly, what you are saying is  -

Grin
VileReynard
Hero
Posts: 12,616
Thanks: 579
Fixes: 20
Registered: ‎01-09-2007

Re: Plusnet password visible to call centre staff

Everyone who speaks to Plusnet does not have connectivity problems.
Why not just ask for their account number user name?
You could obtain their IP address from this, if you need to carry out a connection test.

"In The Beginning Was The Word, And The Word Was Aardvark."

jelv
Seasoned Hero
Posts: 26,785
Thanks: 965
Fixes: 10
Registered: ‎10-04-2007

Re: Plusnet password visible to call centre staff

You obviously don't understand what a connection test is!
It is where, on a test telephone line, Plusnet connect using the users credentials in the router. To do this they need the users ADSL login name and password. They'd do a test link this when the user is reporting their traffic isn't being shaped correctly (e.g. they'd gone over their allowance and paid for the extra but were still having their speeds restricted).
jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£14.40/month)
Mobile: iD mobile (£4/month)
VileReynard
Hero
Posts: 12,616
Thanks: 579
Fixes: 20
Registered: ‎01-09-2007

Re: Plusnet password visible to call centre staff

Quote from: jelv
You obviously don't understand what a connection test is!

And if a connection test is not needed?

"In The Beginning Was The Word, And The Word Was Aardvark."

Luzern
Hero
Posts: 4,823
Thanks: 872
Fixes: 9
Registered: ‎31-07-2007

Re: Plusnet password visible to call centre staff

Though I can see that the OP believes he is justified in his opinion, I also believe that fears like his are unjustified. The near paranoia about security breaches has built up through the sensationalism of our national press.
Think about how much is known of a person like a doctor, revenue official etc. All such are under a duty of confidentiality and so would be the Plusnet staff.
Not to accept that one needs some trust in persons under such duty, leaves the ultra untrusting person in a sad position. We have to take some risks.
As to the OP's particular point. he/she could just change the password after the conversation,
No one has to agree with my opinion, but in the time I have left a miracle would be nice.
Chris
Legend
Posts: 17,724
Thanks: 597
Fixes: 169
Registered: ‎05-04-2007

Re: Plusnet password visible to call centre staff

Quote from: avatastic
Every access to your password is logged by the system, so there is always a record of when a CSC Agent has had to look at it.
Additionally the passwords are probably stored encrypted but in a way that can be decrypted (rather than being stored as a one-way hash).
I believe it has also been said in the past the the systems used to store the passwords/retreive them are only accessible from an internal VPN and aren't directly connected to the internet.
This pops up from time to time, so I hope I've remembered everything!
Cheers,
A.

Pretty much nail on head there.
I understand peoples concerns with this, but we do monitor who is looking at passwords (the CSC actually should only ask for 2 random characters that are decrypted and displayed to them).
Former Plusnet Staff member. Posts after 31st Jan 2020 are not on behalf of Plusnet.
Mayfly
All Star
Posts: 1,560
Thanks: 417
Fixes: 1
Registered: ‎04-06-2009

Re: Plusnet password visible to call centre staff

That's what I was told when I spoke to customers services some time ago - I was asked for 2 characters and I asked if he could see my password,  he said no only the 2 characters he asked for.
RobPN
Seasoned Hero
Posts: 5,204
Thanks: 2,730
Fixes: 13
Registered: ‎17-05-2013

Re: Plusnet password visible to call centre staff

I might be wide of the mark here, but someone earlier in the thread asked what a malicious member of staff could do it they knew the complete password.  Well I can think of several things, some of which could actually cause the account holder to be accused of acts which they hadn't done, and maybe even be convicted and sentenced for such acts.
One possibility I'm particularly thinking of above is what if a staff member logged on as the unfortunate account holder from another plusdsl realm account (which as you know is quite possible)?  Surely the IP address for that connection (static or dynamic) would be logged against the account in question, and any dodgy online activity would then be traceable back to the account holder.  I'll leave it to your imagination as to what activities could be carried out.
Wulfy
Grafter
Posts: 59
Registered: ‎01-08-2013

Re: Plusnet password visible to call centre staff

Rob in that instance mac address's shouldn't match Smiley
bobpullen
Community Gaffer
Community Gaffer
Posts: 16,923
Thanks: 5,001
Fixes: 317
Registered: ‎04-04-2007

Re: Plusnet password visible to call centre staff

Quote from: RobPN
One possibility I'm particularly thinking of above is what if a staff member logged on as the unfortunate account holder from another plusdsl realm account (which as you know is quite possible)?  Surely the IP address for that connection (static or dynamic) would be logged against the account in question, and any dodgy online activity would then be traceable back to the account holder.

Yes, however the RADIUS session would be associated with the perpetrator's circuit ID and not that of the actual account holder. In short, we'd know which line the account was being used from.

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵

RobPN
Seasoned Hero
Posts: 5,204
Thanks: 2,730
Fixes: 13
Registered: ‎17-05-2013

Re: Plusnet password visible to call centre staff

Quote from: Wulfy
Rob in that instance mac address's shouldn't match Smiley

I believe MAC Addresses can be spoofed easily enough.  Wink

Quote from: Bob
Quote from: RobPN
  Surely the IP address for that connection (static or dynamic) would be logged against the account in question, and any dodgy online activity would then be traceable back to the account holder.

Yes, however the RADIUS session would be associated with the perpetrator's circuit ID and not that of the actual account holder. In short, we'd know which line the account was being used from.

OK, fair enough Bob.  As I said above, I thought I was probably wide of the mark.  Smiley
Wulfy
Grafter
Posts: 59
Registered: ‎01-08-2013

Re: Plusnet password visible to call centre staff

The way i look at it is this (and as a customer)
Your always recommended to use a different password for everything... why should your isp be any different? Use a random password for each account and all is well in the world job jobbed.
I knew my password was visible to the staff and quiet frankly working in a call centre the last thing i would be worried about would be taking a customers password..... Your closing cases to quickly to actually take these details down and ask yourself... what could they use it for if they did? effort v reward comes into play and to spoof a mac address is fine, to spoof it to the correct one would be the cleaver trick
VileReynard
Hero
Posts: 12,616
Thanks: 579
Fixes: 20
Registered: ‎01-09-2007

Re: Plusnet password visible to call centre staff

Of course, it is absolutely impossible for these plain text passwords to be harvested by someone with external "evil" intentions.
They are not even stored as a secure one-way hash.
Sooner or later...

"In The Beginning Was The Word, And The Word Was Aardvark."

RobPN
Seasoned Hero
Posts: 5,204
Thanks: 2,730
Fixes: 13
Registered: ‎17-05-2013

Re: Plusnet password visible to call centre staff

Quote from: vilefoxdemonofdoom
They are not even stored as a secure one-way hash.
Sooner or later...

..... which brings back memories of the PlusNet email-hack fiasco of a few years ago .....  Sad
Anonymous
Not applicable

Re: Plusnet password visible to call centre staff