freitasm
#1306244 16-May-2015 12:00

There is no good excuse for passwords to be visible. Even for support. Worst case, reset password with a notification to owner so even then CSRs don't see them.

ajobbins
#1306248 16-May-2015 12:38

freitasm: There is no good excuse for passwords to be visible. Even for support. Worst case, reset password with a notification to owner so even then CSRs don't see them.


This x1000. People often reuse passwords all over the place, and this is a huge fraud opportunity for a less than honest CSR.

And the fact that the password is visible to the CSR in the first place indicates it's likely not encrypted. If your database gets hacked and someone makes off with all the email addresses and passwords....




Twitter: ajobbins


quickymart
#1306250 16-May-2015 12:42

Demeter:
freitasm: Two words: social engineering.



Hmm... I hear what you're saying, but if the person has such a vested interest and knows enough personal details to pass security checks so they can get an email password, for example, I'm sure they can get the info regardless of whether they are speaking to someone on the phone or using an automated system to retrieve it. Not allowing CSRs to see passwords has so many downsides (support wise) that I don't even know where to begin.

I can't see a user's password in my role. But we have a policy of resetting it and e-mailing it to the registered address, which works quite well. If the address needs updating, they send us an e-mail to let us know what the new one is and we update it (after confirming it's all above board).



BarTender
#1306252 16-May-2015 12:47

ajobbins:
freitasm: There is no good excuse for passwords to be visible. Even for support. Worst case, reset password with a notification to owner so even then CSRs don't see them.


This x1000. People often reuse passwords all over the place, and this is a huge fraud opportunity for a less than honest CSR.

And the fact that the password is visible to the CSR in the first place indicates it's likely not encrypted. If your database gets hacked and someone makes off with all the email addresses and passwords....


This ×400000 times. Not encrypting your password database is asking for trouble from a less honest CSR or network admin. It's not like there aren't plenty of examples of why non-encrypted passwords are bad. As someone whose day job is protecting exactly these sorts of credentials, I find it yet another reason to never be a Vodafone customer.

I don't really look forward to Vodafone NZ joining the likes of Adobe and LinkedIn but only worse since they aren't even hashed.

Lesigh.

Rikkitic
#1306284 16-May-2015 13:26

I would not be happy receiving an important password by email, even if it is secure. Forum logins okay, they can be quickly changed, but not anything involving money.





Plesse igmore amd axxept applogies in adbance fir anu typos


BlakJak
#1306642 17-May-2015 14:36

Receiving a password that has been reset and can rapidly be changed again is different from being emailed your current password. One is OK (but far from perfect), the other is certainly poor practice.




No signature to see here, move along...
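
An added example, not written by any poster in this thread: a sketch of the practice the thread argues for, where only a salted hash is stored (so no support screen can display or email the current password) and a CSR-initiated reset notifies the registered address. The `Accounts` class, the in-memory store, the `outbox` list standing in for mail delivery and the 15-minute expiry are assumptions, and it sends a one-time token in place of the emailed new password described above.

```python
import hashlib, hmac, secrets, time

SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)  # assumed work factors
RESET_TTL = 15 * 60                         # seconds; assumed policy

def hash_password(password, salt=None):
    salt = salt or secrets.token_bytes(16)  # fresh random salt per password
    return salt, hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)

def verify_password(password, salt, stored):
    return hmac.compare_digest(hash_password(password, salt)[1], stored)

class Accounts:
    # Hypothetical in-memory account store; no plaintext password is kept.
    def __init__(self):
        self.users = {}    # username -> record
        self.outbox = []   # (email, message): stand-in for mail delivery

    def register(self, user, email, password):
        salt, digest = hash_password(password)
        self.users[user] = {"email": email, "salt": salt, "hash": digest, "reset": None}

    def csr_view(self, user):
        # Everything a support screen can show; there is nothing to leak.
        return {"user": user, "email": self.users[user]["email"]}

    def csr_request_reset(self, user, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        rec = self.users[user]
        rec["reset"] = (hashlib.sha256(token.encode()).digest(), now + RESET_TTL)
        self.outbox.append((rec["email"], f"Support requested a reset. Token: {token}"))
        return "reset sent to registered address"  # the CSR never sees the token

    def redeem_reset(self, user, token, new_password, now=None):
        now = time.time() if now is None else now
        rec = self.users[user]
        if rec["reset"] is None:
            return False
        token_hash, expires = rec["reset"]
        given = hashlib.sha256(token.encode()).digest()
        if now > expires or not hmac.compare_digest(token_hash, given):
            return False
        rec["salt"], rec["hash"] = hash_password(new_password)
        rec["reset"] = None  # token is single use
        return True
```
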
