Slashdot Mirror

← Back to Stories (view on slashdot.org)

Changing Customers Password Without Consent

Posted by samzenpus on from the leave-my-words-alone dept.

risinganger writes "BBC News is reporting that a customer had his password changed without his knowledge. After some less than satisfactory service the customer in question changed his password to 'Llyods is pants.' At some point after that, a member of staff changed the password to 'no it's not.' Requests to change it back to 'Llyods is pants,' 'Barclays is better,' or 'censorship' were met with refusal. Personally I found the original change funny, like the customer did. After all, god forbid a sense of humour rears its ugly head in business. What isn't acceptable is the refusal to change it per the customer's requests after that."

5 of 435 comments (clear)

  1. Plaintext passwords? by MiKM · · Score: 5, Insightful

    What worries me more is that they are storing the passwords in plaintext.

    1. Re:Plaintext passwords? by MrNaz · · Score: 5, Insightful

      Unless there is money being paid for accessing the systems

      What, you mean like bank fees?

      or there is an existing policy/agreement in place that says the system owners will not mess with passwords

      What, you mean like the legislative requirement that banks give depositors access to their funds?

      The people that own the systems have the right to do what they wish with them.

      No, they don't. They doubly don't if it means banking customers' financial services are interrupted.

      Does your phone company, who own the systems that your phone calls go through, have the right to let their operators listen in on your conversations and interject with witty remarks every now and then?

      --
      I hate printers.
    2. Re:Plaintext passwords? by EvilIdler · · Score: 5, Insightful

      Uhm..what?! You don't store passwords in plain text, full stop. One-time passwords, alright. Generate one based on your bank card, and give it to the operator. It can't be used again. But a regular password? No way.

    3. Re:Plaintext passwords? by telchine · · Score: 5, Insightful

      If the operator ever needs me to prove my identity, I am asked to provide eg the 4th & 5th character, not the whole thing. Sounds like Lloyds needs to update their security procedures!

      My bank als asks me for two letters from my password, and my bank is Lloyds!

      How do you know for sure that your bank's operator can't see the full password when they're asking you for two letters?

  2. Re:Clarifying for Americans by fotbr · · Score: 5, Insightful

    American here. No, that is not anywhere NEAR the average American's grasp of geography. You're giving them far, far too much credit. Most of my countrymen below the age of about 30 have no clue about anything other than the area of the US they live in, and some vague notion of Africa being poor, and Iraq being "over there". They can't even pick out all the states, much less find Iraq on a map. They *might* be able to pick out the continent of Africa, but they'd probably be looking for a single country instead.

    Our public school system has turned an entire generation into morons, who think being wrong is ok as long as they feel good about themselves.