Security WTF



  •  Hello all, I'm not sure this quite fits here but I'm slightly stuck for ideas so I thought I'd see what other people make of it.

    I recently signed up for a mobile contract from the French division of a major network. When I did so they supplied me with a 4 digit PIN to access my client area via their website, view bills, modify account details etc. I immediately tried to change the PIN for something more secure only to get an error message saying the PIN was incorrect. I contacted support and after a bit of back and forth, they asked me if I was complying with their password restrictions: it has to be 4 digits. No letters, only numbers. When I pointed out that this was very insecure they responded that no-one had ever complained so it can't be a problem and if I want to keep it secure I should change my password regularly. Like, every 6 hours I assume.

    So, am I being unreasonable to expect a level of security that a 12 year old with a copy of John the Ripper can't crack inside 24 hours? There are no restrictions on the number of attempts you can make via the website.



  • I wonder how many people have a PIN of 1234...



  • A 4-digit PIN is sufficient to lock the phone to prevent a thief from getting at your apps until you can remotely wipe it. It's not nearly sufficient to protect the billing area of a website.

    You're right, they're wrong. You need to find another carrier, one who cares about security.
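The point the replies make is that a 4-digit PIN is only defensible when the number of guesses is capped, which a locked phone does and the website described above does not. The following is an added example, not code from this thread or from any carrier: a toy account verifier with per-account failure counting and a fixed lockout window, plus a helper that contrasts how long it would take to try every PIN with and without that lockout. Names such as `PinAuthenticator`, `MAX_FREE_ATTEMPTS` and `LOCKOUT_SECONDS`, the 15-minute window and the 100-attempts-per-second figure are all assumptions chosen for illustration.

```python
"""Per-account attempt throttling for a short numeric PIN (illustrative example)."""
import hashlib
import hmac
import secrets

PIN_LENGTH = 4
KEYSPACE = 10 ** PIN_LENGTH        # 10,000 possible PINs
MAX_FREE_ATTEMPTS = 5              # failures tolerated before a lockout (assumed policy)
LOCKOUT_SECONDS = 15 * 60          # length of one lockout window (assumed policy)


class PinAuthenticator:
    """Stores salted PIN digests and throttles failed verification attempts."""

    def __init__(self):
        self._accounts = {}   # account -> (salt, digest)
        self._state = {}      # account -> {"failures": int, "locked_until": float}

    @staticmethod
    def _digest(salt, pin):
        # Slow, salted hash so a leaked table cannot be reversed cheaply.
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

    def enroll(self, account, pin):
        if not (pin.isdigit() and len(pin) == PIN_LENGTH):
            raise ValueError("PIN must be exactly %d digits" % PIN_LENGTH)
        salt = secrets.token_bytes(16)
        self._accounts[account] = (salt, self._digest(salt, pin))
        self._state[account] = {"failures": 0, "locked_until": 0.0}

    def verify(self, account, pin, now):
        """Return 'ok', 'bad_pin' or 'locked'. `now` is a clock in seconds,
        passed in explicitly so the behaviour can be checked without sleeping."""
        state = self._state[account]
        if now < state["locked_until"]:
            return "locked"                      # refuse without even hashing
        salt, expected = self._accounts[account]
        if hmac.compare_digest(self._digest(salt, pin), expected):
            state["failures"] = 0                # success clears the counter
            return "ok"
        state["failures"] += 1
        if state["failures"] >= MAX_FREE_ATTEMPTS:
            state["locked_until"] = now + LOCKOUT_SECONDS
            state["failures"] = 0                # counter restarts after the window
            return "locked"
        return "bad_pin"


def seconds_to_exhaust_keyspace(attempts_per_second):
    """Rough time to try all 10,000 PINs: unthrottled vs. under the lockout policy.

    With the policy, each lockout window admits MAX_FREE_ATTEMPTS guesses, so the
    keyspace needs KEYSPACE / MAX_FREE_ATTEMPTS windows of LOCKOUT_SECONDS each."""
    unthrottled = KEYSPACE / attempts_per_second
    throttled = (KEYSPACE / MAX_FREE_ATTEMPTS) * LOCKOUT_SECONDS
    return unthrottled, throttled


if __name__ == "__main__":
    auth = PinAuthenticator()
    auth.enroll("alice", "4321")                 # constructed sample account
    for t in range(4):
        print(auth.verify("alice", "0000", float(t)))   # bad_pin x4
    print(auth.verify("alice", "0000", 4.0))     # locked (5th failure)
    print(auth.verify("alice", "4321", 5.0))     # locked (correct PIN, still in window)
    print(auth.verify("alice", "4321", 4.0 + LOCKOUT_SECONDS))  # ok
    fast, slow = seconds_to_exhaust_keyspace(100.0)
    print("no throttle: %.0f s, with lockout: %.1f days" % (fast, slow / 86400))
```

The comparison is the whole argument of the thread in numbers: at 100 unthrottled requests per second the entire 4-digit space is covered in under two minutes, whereas five tries per 15-minute window stretches the same search past 20 days per account, and a real deployment would also alert on or escalate repeated lockouts. The phone-lock case works for the same reason: the device, not the PIN length, bounds the attempt count.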

