PSN and PN passwords
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Feedback
- :
- Plusnet Feedback
- :
- PSN and PN passwords
PSN and PN passwords
27-04-2011 12:56 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Why do PN support operatives want to know my password when I call up? This makes me concerned that they can also see my password (thus then using it to check I am who I say I am).
Login to the portal is protected by SSL so that the password is sent encrypted, so why do the support staff need to see my password?
Does this therefore mean that once in a hacker would have a trivial time stealing it back?
Re: PSN and PN passwords
27-04-2011 1:16 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
I'd like to reassure you that passwords are protected and are secure. It's also worth bearing in mind that passwords aren't visible on accounts by default. Agents have access to a link to view the password, this access is logged which means that it's entirely accountable.
Re: PSN and PN passwords
27-04-2011 1:20 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
I believe them to be wrong.
The passwords need to be stored as hashes and totally inaccessible to the staff.
As far as I am concerned this is a serious security over sight.
If and when customers forget their passwords, as I'm sure they do, there should be other mechanism for generating new passwords.
Re: PSN and PN passwords
27-04-2011 1:26 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: PSN and PN passwords
27-04-2011 1:32 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
It's not just the forgetting of passwords, we need to be able to dial test as customers on occassion and test webspace access, FTP, email etc. Without being able to do this would add a huge support overhead and IMO lead to more annoyed customers that we can't help fully.
Re: PSN and PN passwords
27-04-2011 1:32 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
That way we could have a new password and pigeon stew.
Or something that only remains valid for 24 hours (after first use) and has to be changed by the user, given over phone/text/pigeon/etc.
Re: PSN and PN passwords
27-04-2011 1:40 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Every ISP I have been with have asked for my password during calls I have made to them, Mobile phone networks are the same.
Re: PSN and PN passwords
27-04-2011 1:56 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
New passwords could be SMS's, sent by email, or delivered over the phone by CALLING the accounts registered number, or indeed by any means previously confirmed to be a method to contact the subscriber.
Having worked in tech support myself, I think for the most part "being able to access the users account" is mostly specious, but when it really is needed sometimes, a password reset can be done.
Re: PSN and PN passwords
27-04-2011 1:59 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
As a very rough guess, in the region of 5-10% of our calls are related to router setup, with a large proportion of those being down to forgotten passwords.
Whilst I appreciate your feedback and concern, our approach is unlikely to change.
Re: PSN and PN passwords
27-04-2011 2:00 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: PSN and PN passwords
27-04-2011 2:03 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
The majority of our routers do self configure though.
Then you have the problem with people experiencing difficulties setting up email. We can't then send them an email with their password and not everyone has a mobile.
I'm pretty comfortable that our approach is fairly normal - as it has been for my previous 3 ISPs.
Re: PSN and PN passwords
27-04-2011 2:08 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: PSN and PN passwords
27-04-2011 2:22 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote from: _Adam_Walker_ We ask for characters from your password as this is a quick and efficient means of performing data protection checks.
Hi, I'd like to confirm this is incorrect, I have experience more than once, your support agents asking for my full password.
Though it seems the above is pretty irrelevant as you feel it is necessary to allow people access to passwords.
Just my opinion, but I disagree, and here's a little about why:
Through my professional experience I've come across scenarios before where people have told me that they "must know" the users passwords to do all manner of things.
Very easily we changed this, by hashing the passwords, and allowing the support people to reset them when needed. That way no one ever needed to know anyone's password.
This system is now used by banks big and small, and has been through the SOX process also.
Quote from: Jameseh I'm pretty comfortable that our approach is fairly normal - as it has been for my previous 3 ISPs.
While it may be "normal" it doesn't mean it's right thing to do.
Re: PSN and PN passwords
27-04-2011 2:51 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: PSN and PN passwords
27-04-2011 3:01 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
adie:quote
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page