Geeks With Blogs
Virtually Me Colin's Technical Ramblings

Over the last couple of evenings I've had the misfortune to have to call BT's Broadband support line owing to the fact that my connection was down.  Okay this is a bit of a niggle in what otherwise seems to be a fairly good and stable service, but I must admit that I am most concerned over their security practices, most notably their protection of my password. 

There are two issues that give cause for concern:

  • Firstly, when attempting to login to service directly on the broadband router last night, I happened to notice that my password is displayed in plain text in the status bar - not good!
  • Secondly, the support operative asked for my account password.  This practice alone should be halted immediately, there should never be a need for a support operator or administrator to ask for someone else's account password for any system.  He went on to state that he had my password there in front of him.  This I find most worrying.  I'm reasonably okay with the concept that a mail administrator could potentially get into my mail box if they really wished to, (hey my last grocery order from Ocado wasn't that exciting) but I am most perturbed to think that a support operative could stroll off to their local Internet café with my password and effectively masquerade as me on-line - Accessing my mail and sending mail as me.

Come on BT you are big enough to have good solid security practices in place.  If anyone from BT can justify their operatives holding their customers' passwords then please feel free to comment on this post.  I don't think that saying that they have to be able to handle a user forgetting their password will be good enough, as passwords can be reset.

Posted on Thursday, February 16, 2006 4:53 PM | Back to top

Comments on this post: My concerns over the security of BT broadband

# re: My concerns over the security of BT broadband
Requesting Gravatar...
Generally companies have this information in order to protect others from calling in and masquerading as you. Would you prefer that they only ask for your name in order for them to divulge any account information?
Left by IceNine on May 19, 2006 3:42 PM

Your comment:
 (will show your gravatar)

Copyright © Colin Rowland | Powered by: