cancel
Showing results for 
Search instead for 
Did you mean: 

plusnet still not hashing passwords

wfl
Hooked
Posts: 9
Thanks: 4
Registered: ‎21-03-2015

plusnet still not hashing passwords

What is going on, it's 2015 and plusnet are still not salt and hashing passwords. How does that meet with PCI compliance when they hold and process credit card info? I'm extremely disappointed to find Plusnet have still not addressed the serious failing having just been presented my password in the clear having followed the Fogotten My Password link
6 REPLIES 6
Strat
Community Veteran
Posts: 31,320
Thanks: 1,588
Fixes: 565
Registered: ‎14-04-2007

Re: plusnet still not hashing passwords

Interesting. I clicked the Forgotten My Password link and Plusnet sent me a password reminder email.
When I clicked the link in the email it took me to a page displaying my username and password.
To be honest I was expecting a password reset email with a link to a page enabling me to chose a different password.
Windows 10 Firefox 109.0 (64-bit)
To argue with someone who has renounced the use of reason is like administering medicine to the dead - Thomas Paine
x47c
Grafter
Posts: 881
Thanks: 3
Registered: ‎14-08-2009

Re: plusnet still not hashing passwords

probably because when doing a repair to a fault on your broadband the BTOR operative may have to have your password to be able to log in as you
pwatson
Rising Star
Posts: 2,470
Thanks: 8
Fixes: 1
Registered: ‎26-11-2012

Re: plusnet still not hashing passwords

No, that's the purpose of the BT test login credentials!
jelv
Seasoned Hero
Posts: 26,785
Thanks: 965
Fixes: 10
Registered: ‎10-04-2007

Re: plusnet still not hashing passwords

Quote from: Strat
To be honest I was expecting a password reset email with a link to a page enabling me to chose a different password.

Great idea - not!
Would you like to guess how many people would reset their portal password and then find that their broadband connection was dead because the password in the router was wrong? What would make it worse that the broadband would only die when they reconnected which could be many days later so they wouldn't associate the lost connection with the password change.
Only once Plusnet start using different passwords for the portal and the connection authentication would this be a safe (and very good) suggestion.
jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£14.40/month)
Mobile: iD mobile (£4/month)
Strat
Community Veteran
Posts: 31,320
Thanks: 1,588
Fixes: 565
Registered: ‎14-04-2007

Re: plusnet still not hashing passwords

It's fortunate that Plusnet account passwords don't get compromised then.
Windows 10 Firefox 109.0 (64-bit)
To argue with someone who has renounced the use of reason is like administering medicine to the dead - Thomas Paine
wfl
Hooked
Posts: 9
Thanks: 4
Registered: ‎21-03-2015

Re: plusnet still not hashing passwords

Now that's a better idea, different passwords for the members area and for your broadband log in. Then the member area password can be properly stored as a hash with no need for anyone to ever be able to read it. And there would be no excuse of engeneers might need it. Then add a proper password reset page.