[OT] Security question
Frank Millman
frank at chagford.com
Thu Dec 22 04:39:14 EST 2016
Hi all
This is off-topic, but I would appreciate a comment on this matter.
I have just upgraded my internet connection from ADSL to Fibre.
As part of the process, my ISP sent a text message to my cell phone with the
username and password I must use to connect.
To my surprise, they sent me my existing username *and* my existing
password, all in clear text.
I felt that this was insecure, so I sent them an email querying this and
querying why they had my password in clear text on their system in the first
place.
This was their reply -
"""
Thank you for taking the time to contact [...] Technical Mail Support.
I understand the importance of your password inquiry and will gladly assist.
Please note our Password protocols are secured via OTP.
This means nobody else can register or request your password as it will only
be sent to the cellphone number we have registered for the OTP service on
our side.
If somebody else requests a reminder of the password, it will be sent to
your cellphone as your number is registered for the OTP service.
I hope this clarifies the matter.
"""
They did not comment on the second part of my query.
Does their reply sound reasonable, or are my concerns valid?
Thanks
Frank Millman
More information about the Python-list
mailing list