cancel
Showing results for 
Search instead for 
Did you mean: 

Plusnet password visible to call centre staff

dave12345678
Newbie
Posts: 1
Thanks: 1
Registered: ‎19-08-2013

Plusnet password visible to call centre staff

I called customer services recently and they prompted me for a couple of random characters from my password as part of the security checks.  I wasn't sure what my password was and said as much to the person I was speaking to, and they responded by saying "it looks like quite a random one".  I was quite taken aback by what they said , so I asked them if they could see my whole password, and they said they could.  This is very bad practice and must mean that they store passwords in clear text within their system.  Staff at Plusnet have access to your passwords (remember how you're always told you should never share your password with anyone) and if hackers get into their system and steal the passwords then without any form of encryption on those passwords their job has been made a lot easier.
Although my password was unique to my Plusnet account, I immediately changed it to a completely random one (my original one was semi random) and I strongly suggest that you do the same if you use the your Plusnet password on other sites.
60 REPLIES 60
VileReynard
Hero
Posts: 12,616
Thanks: 579
Fixes: 20
Registered: ‎01-09-2007

Re: Plusnet password visible to call centre staff

But the new password is (presumably) visibile

"In The Beginning Was The Word, And The Word Was Aardvark."

avatastic
Grafter
Posts: 1,136
Thanks: 2
Registered: ‎30-07-2007

Re: Plusnet password visible to call centre staff

Every access to your password is logged by the system, so there is always a record of when a CSC Agent has had to look at it.
Additionally the passwords are probably stored encrypted but in a way that can be decrypted (rather than being stored as a one-way hash).
I believe it has also been said in the past the the systems used to store the passwords/retreive them are only accessible from an internal VPN and aren't directly connected to the internet.
This pops up from time to time, so I hope I've remembered everything!
Cheers,
A.
F9 member since 4 Sep 1999
F9 ADSL customer since 27 Aug 2004
DLM manages your line the same way DRM manages your rights.
Look at all the pretty graphs! (now with uptime logging!)
Razer
Grafter
Posts: 1,398
Thanks: 8
Registered: ‎17-11-2012

Re: Plusnet password visible to call centre staff

I have been concerned about this before. Another member said some time ago when I raised the issue that he believed staff only saw the characters you were asked for on the phone. I just assumed he knew what he was saying. Clearly that's not the case and the whole password can be seen. I'm not happy about that at all.
James
Grafter
Posts: 21,036
Thanks: 5
Registered: ‎04-04-2007

Re: Plusnet password visible to call centre staff

We have to be able to see the full password for troubleshooting issues.
I have raised this with the ICO before who had no issues with the way we do things.
Razer
Grafter
Posts: 1,398
Thanks: 8
Registered: ‎17-11-2012

Re: Plusnet password visible to call centre staff

If you need to use the password to troubleshoot, the system should do it in a way where it is not shown and can only be used by the system in an automatic fashion, otherwise it is fundamentally insecure, whatever the ICO may say.
Tulner
Dabbler
Posts: 12
Thanks: 5
Registered: ‎10-09-2013

Re: Plusnet password visible to call centre staff

Quote from: James
We have to be able to see the full password for troubleshooting issues.
I have raised this with the ICO before who had no issues with the way we do things.

Please can you tell me in detail why you need to see my password for "troubleshooting"
I am literally furious right now after being on the phone and being told that all call centre advisors can see my full password.
I was NEVER informed my password was going to be viewable to other people when I signed up.
No other operator does this at all.
Most have a seperate security question and answer and that is all they need.
This is a great way to loose customers as right now I am on the verge of cancelling my installation and going elsewhere after this, it is just beyond belief to me that in this day and age you are doing this.
Pretty much every single other decent company say " we will never ask your password"
First question you asked me when I rang "what's your password?"
I mean seriously? You think this is fine?
Mav
Moderator
Moderator
Posts: 22,705
Thanks: 4,874
Fixes: 518
Registered: ‎06-04-2007

Re: Plusnet password visible to call centre staff

T-Mobile frequently ask for the full password when phoning them. I have asked several times why and have never, as yet, got a satisfactory answer.

Forum Moderator and Customer
Courage is resistance to fear, mastery of fear, not absence of fear - Mark Twain
He who feared he would not succeed sat still

Tulner
Dabbler
Posts: 12
Thanks: 5
Registered: ‎10-09-2013

Re: Plusnet password visible to call centre staff

Well I am literally feeling right now unless I get a proper answer to why they need to have my password in clear text then I will be phoning and cancelling the install and going elsewhere.
It is bad enough to do it, but then to give the answer of  " its for troubleshooting" is ridiculous. They can see something they should not be able to see, how about they actually give us the full reason. And I am pretty sure if they contact the "ICO" they will tell you that you need to give us that reason, not just fob us off.
TBH I find it very difficult to believe the ICO gave the go ahead for it at all. And I will be contacting them myself about this.
also I tihnk Plusnet would find if it was general knowledge they done this they would loose a lot of customers, in this age people do not take kindly at all to having information that should be secure and known only to them being viewable to an entire call centre.
Thanks.
dvorak
Moderator
Moderator
Posts: 29,721
Thanks: 6,593
Fixes: 1,485
Registered: ‎11-01-2008

Re: Plusnet password visible to call centre staff

Quote from: Tulner

Please can you tell me in detail why you need to see my password for "troubleshooting"

Because the portal password is the same as that in the xDSL router and if you are having issues connecting it's helpful to know that the correct password is being entered into the router.
This will no doubt raise the question (again) for having separate xDSL password and portal password. But there isn't and there won't be iirc.
There are already topics about this.
Customer / Moderator
If it helped click the thumb
If it fixed it click 'This fixed my problem'
Tulner
Dabbler
Posts: 12
Thanks: 5
Registered: ‎10-09-2013

Re: Plusnet password visible to call centre staff


Ok then why the hell is the password the same?
How hard is it for you to use a different password?
You would rather annoy your customers and be insecure due to lazyness? Seriously?
I have not even had the damn thing installed yet and I already want out, these business practices are lazy,  anti-consumer and in my opinion a breach of my data protection.
dvorak
Moderator
Moderator
Posts: 29,721
Thanks: 6,593
Fixes: 1,485
Registered: ‎11-01-2008

Re: Plusnet password visible to call centre staff

Firstly it isn't me, I'm a customer like you.
Secondly I'm not sure what the CSC could do maliciously even if one of them decided to copy my username and password.
Thirdly it's laziness
Customer / Moderator
If it helped click the thumb
If it fixed it click 'This fixed my problem'
Tulner
Dabbler
Posts: 12
Thanks: 5
Registered: ‎10-09-2013

Re: Plusnet password visible to call centre staff

You are also a moderator for their forum and therefore represent the company when you post.
And with the attitude you give of correcting my spelling rather then actually act in a professional manner, you reflect just as bad an image as this whole fiasco does.
w23
Pro
Posts: 6,347
Thanks: 96
Fixes: 4
Registered: ‎08-01-2008

Re: Plusnet password visible to call centre staff

The moderators do not represent the company, this is a community forum moderated by customer volunteers.
Staff are identified as such under their name.
Call me 'w23'
At any given moment in the universe many things happen. Coincidence is a matter of how close these events are in space, time and relationship.
Opinions expressed in forum posts are those of the poster, others may have different views.
Tulner
Dabbler
Posts: 12
Thanks: 5
Registered: ‎10-09-2013

Re: Plusnet password visible to call centre staff

Sorry who are you?
I am a customer, I came to the official forum on the official site, I see a "moderator" they are in authority on the Plusnet forums.
First thing customer thinks is they are part of Plusnet.
Therefore they represent the company.
As anything they say can affect the company's image.  
Just because they do not work for Plusnet does not mean they do not represent the company.