-
I just called a major, well known corporation on the phone and the automated system asked me to key-in my web password to get to customer support.
Key-in my password. In the clear. On the phone.
Anyone see an issue with that?
#security #passwords #encryption #cryptography #math #BruteForce
Keying-in the password on the keypad of a phone wouldn't give a listener the exact password because each letter could be one of three, plus upper/lower case, but it would make a brute-force attack a trivial matter.
@Pat I thought more of the ramifications of such bad policy. Who acts like this probably does more stupid things.
>" I thought more of the ramifications of such bad policy. Who acts like this probably does more stupid things."
I'm seriously considering moving my business to another company because of this.
@Pat Best of luck with that. In my experience there is what one could call a race to the bottom or, from another angle, quality-fixing (analog to price fixing).
@Pat bad mojo
@Pat my favorite is when your already on the phone with them and they ask you for a phone number they can text a verification code to. 🤦♂️
@LouisIngenthron @Pat precisely, they should use a known number. Ive used a new number before and they had no issue.
@Pat Might as well consider your web account public