[OT] Security question

Frank Millman frank at chagford.com
Thu Dec 22 04:39:14 EST 2016


Hi all

This is off-topic, but I would appreciate a comment on this matter.

I have just upgraded my internet connection from ADSL to Fibre.

As part of the process, my ISP sent a text message to my cell phone with the 
username and password I must use to connect.

To my surprise, they sent me my existing username *and* my existing 
password, all in clear text.

I felt that this was insecure, so I sent them an email querying this and 
querying why they had my password in clear text on their system in the first 
place.

This was their reply -

"""
Thank you for taking the time to contact [...] Technical Mail Support.
I understand the importance of your password inquiry and will gladly assist.
Please note our Password protocols are secured via OTP.
This means nobody else can register or request your password as it will only 
be sent to the cellphone number we have registered for the OTP service on 
our side.
If somebody else requests a reminder of the password, it will be sent to 
your cellphone as your number is registered for the OTP service.
I hope this clarifies the matter.
"""

They did not comment on the second part of my query.

Does their reply sound reasonable, or are my concerns valid?

Thanks

Frank Millman




More information about the Python-list mailing list