Changing Customers Password Without Consent
risinganger writes "BBC News is reporting that a customer had his password changed without his knowledge. After some less than satisfactory service the customer in question changed his password to 'Llyods is pants.' At some point after that, a member of staff changed the password to 'no it's not.' Requests to change it back to 'Llyods is pants,' 'Barclays is better,' or 'censorship' were met with refusal. Personally I found the original change funny, like the customer did. After all, god forbid a sense of humour rears its ugly head in business. What isn't acceptable is the refusal to change it per the customer's requests after that."
I was thinking the same thing... WTF?
Some days I get the sinking feeling Orwell was an optimist.
Heh. Truly a RTFA moment....They can't store that clear text if they want to verify it.
I read the article. You miss the point. You don't "verify the password". Not over the phone, or over the computer. You verify your identity and reset the password. That's the way good security systems work.
This is my sig.
And this is a *bank*, storing passwords in plaintext???
Reminder to self, *never* give Lloyd's any of my business.
No shit.
What the hell?
-10 points for ripping off xkcd,
Link to comic badly quoted...
http://xkcd.com/327/