TPG Community

Get online support

Password security concern

orbistat
Level 8

I remember having to reset an email password once and the link to reset it was sent to a recovery email address that I hadn't used in a long time, I couldn't remember it's password either, at some stage you need to trust a human to help you. I still like to chat to a human to get things sorted rather than web based boxes and enquiry email forms, anyway see what the sys admin guys have to say about it all.

stuarttravers
Level 3
Human involvement is great, but it's not an issue. If you have the issue you mentioned, then a human could verify your identity and give you a special link or temporary password you could then use to set a new one. They don't need to be able to read your existing password to do that.

But yeah let's see what the tpg guys have to say about it.
adreise
Level 2

Bump. This is a massive security issue. 

stuarttravers
Level 3
It really is. I'd have hoped tpg would have responded by now.
shae
Level 2

Stuart,

 

I totally agree with your concern.  I just spent 20 minutes with a customer support person for Dodo, trying to convince them it is a good idea to hash passwords and not store them in plain text.  Seem most telcos in Australia have similar issues.

 

I just set up an account to be able to post on this site and I saw a clue that the password I entered was being stored in plain text : 

 

Capture.PNG

 

Maximum character length 20 characters...  If it's hashed, it shouldn't matter.  You could use an essay as your password and it would be the same size in the database (might be a bit of an issue in terms of time taken to upload password).

shae
Level 2

However their password reset does all the right things on this forum login :

Untitled.png

 

Doesn't prove passwords are hashed, but no way to know either way.

2chrisp
Level 2

A bit of a whopper, isn't it?

 

Couldn't agree more. Feeling nervous... sort of... would be much worse if it weren't for the simple fact that I have not used this password elsewhere.

 

Thanks to Password Managers everywhere!

 

TPG - This is TOO SLACK. I REALLY HOPE YOU HAVE FIXED THIS BY NOW   Robot Mad