Plusnet password visible to call centre staff
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Feedback
- :
- Plusnet Feedback
- :
- Re: Plusnet password visible to call centre staff
Re: Plusnet password visible to call centre staff
10-09-2013 10:56 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: Plusnet password visible to call centre staff
10-09-2013 11:58 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Why not just ask for their
You could obtain their IP address from this, if you need to carry out a connection test.
"In The Beginning Was The Word, And The Word Was Aardvark."
Re: Plusnet password visible to call centre staff
11-09-2013 12:30 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
It is where, on a test telephone line, Plusnet connect using the users credentials in the router. To do this they need the users ADSL login name and password. They'd do a test link this when the user is reporting their traffic isn't being shaped correctly (e.g. they'd gone over their allowance and paid for the extra but were still having their speeds restricted).
jelv (a.k.a Spoon Whittler) Why I have left Plusnet (warning: long post!) Broadband: Andrews & Arnold Home::1 (FTTC 80/20) Line rental: Pulse 8 Home Line Rental (£14.40/month) Mobile: iD mobile (£4/month) |
Re: Plusnet password visible to call centre staff
11-09-2013 1:17 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote from: jelv You obviously don't understand what a connection test is!
And if a connection test is not needed?
"In The Beginning Was The Word, And The Word Was Aardvark."
Re: Plusnet password visible to call centre staff
11-09-2013 8:02 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Think about how much is known of a person like a doctor, revenue official etc. All such are under a duty of confidentiality and so would be the Plusnet staff.
Not to accept that one needs some trust in persons under such duty, leaves the ultra untrusting person in a sad position. We have to take some risks.
As to the OP's particular point. he/she could just change the password after the conversation,
Re: Plusnet password visible to call centre staff
11-09-2013 9:33 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote from: avatastic Every access to your password is logged by the system, so there is always a record of when a CSC Agent has had to look at it.
Additionally the passwords are probably stored encrypted but in a way that can be decrypted (rather than being stored as a one-way hash).
I believe it has also been said in the past the the systems used to store the passwords/retreive them are only accessible from an internal VPN and aren't directly connected to the internet.
This pops up from time to time, so I hope I've remembered everything!
Cheers,
A.
Pretty much nail on head there.
I understand peoples concerns with this, but we do monitor who is looking at passwords (the CSC actually should only ask for 2 random characters that are decrypted and displayed to them).
Re: Plusnet password visible to call centre staff
11-09-2013 9:53 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: Plusnet password visible to call centre staff
11-09-2013 10:07 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
One possibility I'm particularly thinking of above is what if a staff member logged on as the unfortunate account holder from another plusdsl realm account (which as you know is quite possible)? Surely the IP address for that connection (static or dynamic) would be logged against the account in question, and any dodgy online activity would then be traceable back to the account holder. I'll leave it to your imagination as to what activities could be carried out.
Re: Plusnet password visible to call centre staff
11-09-2013 12:29 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: Plusnet password visible to call centre staff
11-09-2013 12:40 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote from: RobPN One possibility I'm particularly thinking of above is what if a staff member logged on as the unfortunate account holder from another plusdsl realm account (which as you know is quite possible)? Surely the IP address for that connection (static or dynamic) would be logged against the account in question, and any dodgy online activity would then be traceable back to the account holder.
Yes, however the RADIUS session would be associated with the perpetrator's circuit ID and not that of the actual account holder. In short, we'd know which line the account was being used from.
Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵
Re: Plusnet password visible to call centre staff
11-09-2013 1:26 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote from: Wulfy Rob in that instance mac address's shouldn't match
I believe MAC Addresses can be spoofed easily enough.
Quote from: Bob
Quote from: RobPN Surely the IP address for that connection (static or dynamic) would be logged against the account in question, and any dodgy online activity would then be traceable back to the account holder.
Yes, however the RADIUS session would be associated with the perpetrator's circuit ID and not that of the actual account holder. In short, we'd know which line the account was being used from.
OK, fair enough Bob. As I said above, I thought I was probably wide of the mark.
Re: Plusnet password visible to call centre staff
11-09-2013 4:02 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Your always recommended to use a different password for everything... why should your isp be any different? Use a random password for each account and all is well in the world job jobbed.
I knew my password was visible to the staff and quiet frankly working in a call centre the last thing i would be worried about would be taking a customers password..... Your closing cases to quickly to actually take these details down and ask yourself... what could they use it for if they did? effort v reward comes into play and to spoof a mac address is fine, to spoof it to the correct one would be the cleaver trick
Re: Plusnet password visible to call centre staff
11-09-2013 6:55 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
They are not even stored as a secure one-way hash.
Sooner or later...
"In The Beginning Was The Word, And The Word Was Aardvark."
Re: Plusnet password visible to call centre staff
11-09-2013 7:33 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote from: vilefoxdemonofdoom They are not even stored as a secure one-way hash.
Sooner or later...
..... which brings back memories of the PlusNet email-hack fiasco of a few years ago .....
Re: Plusnet password visible to call centre staff
11-09-2013 8:08 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Feedback
- :
- Plusnet Feedback
- :
- Re: Plusnet password visible to call centre staff