Geekzone: technology news, blogs, forums


Distorter

219 posts

Master Geek


#154688 4-Nov-2014 15:33

Not sure if I am posting this in the right area, but found this quite bizarre.

I wanted to place a bet on the Melbourne Cup but couldn't remember my details to log into my account on the TAB website. So I rang their help line; once connected, the CSR confirmed my details and then ... TOLD me what my password was.

Not that happy that they have a system in place that allows them to view passwords. Anyone from Catalyst on these forums? I believe they look after the TAB website.

Is this normal practice? Where I work most things are single sign on through ADFS and of course you can't read passwords from Active Directory.

amanzi
Amanzi
1285 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #1168585 4-Nov-2014 15:35

No, that's never a good idea... What security checks did they do before reading you the password? How did you identify yourself?

 
 
 

Distorter

219 posts

Master Geek


  #1168596 4-Nov-2014 15:39

My date of birth and the PIN on my account. If I didn't know the PIN, which I did, then they probably would've asked for my email, I assume.

nathan
5695 posts

Uber Geek
Inactive user


  #1168609 4-Nov-2014 16:14

Sounds like they're storing passwords using reversible encryption.


That's not a sensible security best practice, using plaintext versions of the passwords; they should be hashed.



gcorgnet
1078 posts

Uber Geek


  #1168611 4-Nov-2014 16:21

nathan: Sounds like they're storing passwords using reversible encryption.


That's not a sensible security best practice, using plaintext versions of the passwords; they should be hashed.


Aha! You seem to assume they are even using encryption.

If some CSR on the phone was able to dig out the password so easily, I would say the thing wasn't even encrypted. Really bad practices!
Always amazes me to realise something we just take for granted is actually missing from a lot of systems, even in big companies...
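
The storage approach the replies above recommend, as an added example that is not part of any post in this thread and is not the TAB's code: the database keeps only a salted hash, so a login can be checked but no support screen can display the password, and the help desk issues a one-time reset token instead. The function names, record format, iteration count and the `account` dict are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed PBKDF2 work factor; tune for your hardware


def hash_password(password: str) -> str:
    """Return the only thing the database keeps: algo$iterations$salt$digest."""
    salt = secrets.token_bytes(16)  # per-user random salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the digest from the login attempt and compare in constant time."""
    try:
        algo, iters, salt_hex, digest_hex = record.split("$")
        if algo != "pbkdf2_sha256":
            return False
        expected = bytes.fromhex(digest_hex)
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    except ValueError:  # malformed record: fail closed
        return False
    return hmac.compare_digest(candidate, expected)


def start_reset(account: dict) -> str:
    """Help-desk path: issue a one-time token and store only its SHA-256."""
    token = secrets.token_urlsafe(32)
    account["reset_token_sha256"] = hashlib.sha256(token.encode()).hexdigest()
    return token  # delivered to the customer's registered contact, not read out


def finish_reset(account: dict, token: str, new_password: str) -> bool:
    """Consume the token (valid or not) and set a new password hash on success."""
    stored = account.pop("reset_token_sha256", None)  # single use
    if stored is None:
        return False
    supplied = hashlib.sha256(token.encode()).hexdigest()
    if not hmac.compare_digest(supplied, stored):
        return False
    account["password"] = hash_password(new_password)
    return True
```
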
