[OT] Security question
frank at chagford.com
Thu Dec 22 04:39:14 EST 2016
This is off-topic, but I would appreciate a comment on this matter.
I have just upgraded my internet connection from ADSL to Fibre.
As part of the process, my ISP sent a text message to my cell phone with the
username and password I must use to connect.
To my surprise, they sent me my existing username *and* my existing
password, all in clear text.
I felt that this was insecure, so I sent them an email querying this and
querying why they had my password in clear text on their system in the first
This was their reply -
Thank you for taking the time to contact [...] Technical Mail Support.
I understand the importance of your password inquiry and will gladly assist.
Please note our Password protocols are secured via OTP.
This means nobody else can register or request your password as it will only
be sent to the cellphone number we have registered for the OTP service on
If somebody else requests a reminder of the password, it will be sent to
your cellphone as your number is registered for the OTP service.
I hope this clarifies the matter.
They did not comment on the second part of my query.
Does their reply sound reasonable, or are my concerns valid?
More information about the Python-list