TPG Community

Get online support
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Password security concern

orbistat
Level 8
Level 8
‎12-03-2018 03:11 PM

I remember having to reset an email password once and the link to reset it was sent to a recovery email address that I hadn't used in a long time, I couldn't remember it's password either, at some stage you need to trust a human to help you. I still like to chat to a human to get things sorted rather than web based boxes and enquiry email forms, anyway see what the sys admin guys have to say about it all.

0 Likes
Reply
stuarttravers
Level 3
Level 3
‎12-03-2018 03:17 PM
Human involvement is great, but it's not an issue. If you have the issue you mentioned, then a human could verify your identity and give you a special link or temporary password you could then use to set a new one. They don't need to be able to read your existing password to do that.

But yeah let's see what the tpg guys have to say about it.
Reply
adreise
Level 2
Level 2
‎08-04-2018 03:48 PM

Bump. This is a massive security issue. 

Reply
stuarttravers
Level 3
Level 3
‎08-04-2018 04:09 PM
It really is. I'd have hoped tpg would have responded by now.
0 Likes
Reply
shae
Level 2
Level 2
‎19-09-2019 10:31 PM

Stuart,

 

I totally agree with your concern.  I just spent 20 minutes with a customer support person for Dodo, trying to convince them it is a good idea to hash passwords and not store them in plain text.  Seem most telcos in Australia have similar issues.

 

I just set up an account to be able to post on this site and I saw a clue that the password I entered was being stored in plain text : 

 

Capture.PNG

 

Maximum character length 20 characters...  If it's hashed, it shouldn't matter.  You could use an essay as your password and it would be the same size in the database (might be a bit of an issue in terms of time taken to upload password).

0 Likes
Reply
shae
Level 2
Level 2
‎19-09-2019 10:38 PM

However their password reset does all the right things on this forum login :

Untitled.png

 

Doesn't prove passwords are hashed, but no way to know either way.

0 Likes
Reply
2chrisp
Level 2
Level 2
‎27-04-2020 07:05 PM

A bit of a whopper, isn't it?

 

Couldn't agree more. Feeling nervous... sort of... would be much worse if it weren't for the simple fact that I have not used this password elsewhere.

 

Thanks to Password Managers everywhere!

 

TPG - This is TOO SLACK. I REALLY HOPE YOU HAVE FIXED THIS BY NOW   Robot Mad

 

0 Likes
Reply