[plug] ISPs storing plain-text passwords...
Kim Covil
kimc at ned.dem.csiro.au
Mon Aug 6 22:51:12 WST 2001
> The trouble is the password is the easiest way to verify the caller is who
> they say they are. You could use caller ID if they had it turned on, but
> what happens if there is more than one account in the same household?
> You could use the last 6 digits of their credit card (if that's what they
> used for payment), but I'd be more worried about them having my CC
> details than my password.
They usually have your credit card details anyway... there are a number
of different bits of information that could be used for phone
verification... I don't think giving someone my account password over
the phone should be one of them... If they want a phone-verification
Pass-word then they should ask for one as video-stores do... At least
then the damage is limited to the one account at the ISP...
> The simple thing is that support staff don't need your password to play
> with your account.
Exactly!!!
Cheers
Kim
--
======================================================================
Kim Covil - CSIRO Exploration & Mining E-mail: kim.covil at dem.csiro.au
PO Box 437, Nedlands, Tel: +61 8 9284 8425 ,-_!\
Western Australia 6009 Fax: +61 8 9389 1906 / \
*_,-._/
=================================================================== v
Please direct all personal e-mail to kimbotha at covil.com.au