Changing Customers Password Without Consent

risinganger writes "BBC News is reporting that a customer had his password changed without his knowledge. After some less than satisfactory service the customer in question changed his password to 'Llyods is pants.' At some point after that, a member of staff changed the password to 'no it's not.' Requests to change it back to 'Llyods is pants,' 'Barclays is better,' or 'censorship' were met with refusal. Personally I found the original change funny, like the customer did. After all, god forbid a sense of humour rears its ugly head in business. What isn't acceptable is the refusal to change it per the customer's requests after that."

Clarifying for Americans

[RevWaldo]

In the UK "pants" is the term used for underwear.
It is also slang for rubbish (that's "crap" for Americans.)

This doesn't speak well for the state of British underwear, but whatever.

Re:Plaintext passwords?

[EdIII]

It's a voice password. It is the employee on the phone that has to enter and verify the voice password. It is probably not being stored in plain text and it is entirely appropriate, and indeed required, that the administrative interface view the voice password as entered by other employees.

The only concern here is that an employee changed the voice password without authorization. Anytime an employee changes a password there should be records of the interaction. Call logs, voice logs, notes, etc.

Now in this case, the choice of the password might be deemed offensive. However, it seems that there was no clear and consistent policy enforced as to what a voice password could be.

Re:Plaintext passwords?

[Cassius+Corodes]

RTFA, its a phone banking password - as this is done via a operator, they are going to know the password anyway so its displayed to them.