I've called Orange about 3 or 4 times in the space of a month, and each time I've been asked for the same letters from my password. I don't know if they ask for the same positions of character for all users, but to me that poses a slight security risk. Surely it's not too difficult to randomise it each time?
Those particular ones are the normal example given so most use them as if it's a requirement to use them rather than a recommendation. I've used other ones before but usually only when my mind goes blank for a moment when answering.
2nd and 4th here as well and it's an APPALLING security breach. You should never, ever have to give out your password details to anyone. It means that at some point your password is in plain text.
I have mentioned this to them and been told 'it's a requirement' so tough basically. I don't like it at all so I make sure my Orange password is simple and not used anywhere else.
Since January when I started with them I have every single time been asked for the second and fourth! And I've called a lot! Gets me laughing every time... but actually, thinking about it, it's not funny at all.
Well they need to use some form of verification to stop just anyone calling and changing your package or ordering extra hardware on your account, it's all part of the data protection laws. Your password is supposed to be kept secret by you so it's a relatively secure piece of information to use and the nature of the work often requires access to the password much more than you expect.
Perhaps but they should be using other forms of verification. The problem is simply one of once it becomes acceptable to share your password (or even part of it) with one company you can be socially engineered into doing it for another. Any company that wants you to share your password or part of it really doesn't have much of a clue where security is concerned.
Passwords should never, ever be asked for by anyone, EVER.
What other pieces of information would you suggest? There needs to be more than 3 to choose 3 security questions from.
Anything the user wants from a list like below:
Passphrase
Doctor's name
Mother's maiden name
Father's middle name
First high school
Memorable date
Pet's name
Favourite football team
Town of birth
and so on.
The actual security questions don't matter that much, as long as you have a couple of pieces of information that only you and the database at the other end know. The application should pick a random three and the tech should only see the challenge & the response for the application-selected three.
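The design described in the post above (the application picks three questions at random and the agent only handles those three), as an added Python example that is not part of the thread or of any operator's system. The question names, sample answers and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import secrets

# Constructed enrolment data, illustrative only.
ENROLLED = {
    "Town of birth": "Leeds",
    "First high school": "Northfield High",
    "Pet's name": "Biscuit",
    "Favourite football team": "Rovers",
    "Memorable date": "1999-12-31",
}

def _normalise(answer):
    # Spoken answers are typed in by an agent, so ignore case and spacing.
    return " ".join(answer.lower().split()).encode()

def _digest(answer, salt):
    # Whole answers are compared, so only a salted, stretched digest is stored.
    return hashlib.pbkdf2_hmac("sha256", _normalise(answer), salt, 200_000)

def enrol(answers):
    """Build the stored record: per-question salt and digest, never the answer."""
    record = {}
    for question, answer in answers.items():
        salt = os.urandom(16)
        record[question] = (salt, _digest(answer, salt))
    return record

def pick_challenge(record, count=3):
    """The application, not the agent, chooses which questions are asked."""
    return secrets.SystemRandom().sample(sorted(record), count)

def verify(record, challenge, responses):
    """Return pass/fail only; all answers are checked before the result is given."""
    ok = len(responses) == len(challenge)
    for question, response in zip(challenge, responses):
        salt, stored = record[question]
        ok &= hmac.compare_digest(_digest(response, salt), stored)
    return ok
```

The agent's screen needs only the output of `pick_challenge` and the boolean from `verify`; the stored record never has to be displayed.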
At least make the character positions from your password random.
NO! Encouraging any user to reveal even a part of their password will cause them to treat password security in a slapdash way. They will be the ones that fill out the emails that appear to be from a bank asking for all the details...
Giving out part of your password over the phone when you're calling them is very much different to entering them after clicking some link in a random email saying the security systems are being updated, etc.
I've not heard, even in jest, of anyone abusing the system to access someone's account. It's not perfect but it works and to be honest if someone reveals their password somewhere else like in a fake website or email then really it's their fault.
I've had people not wanting to reveal it over the phone and you just have to work around it.