This client is non-technical and doesn't clearly remember the course of the conversation or how the password was asked for. I'm not sure if the CSR was able to see it or not as the client told me the conversation went something like "no, that's not it ... no not that either" but she tells me the CSR did try to give a couple of clues to jog her memory.
This got me curious...
Do Vodafone, or for that matter ISPs in general, store their users' passwords in cleartext and can helpdesk and accounts CSRs see these passwords?
If so, this seems pretty lax. Is it true?