TPG Community

Ask, answer and talk about our products

Password security concern

Level 8

I remember having to reset an email password once and the link to reset it was sent to a recovery email address that I hadn't used in a long time, I couldn't remember it's password either, at some stage you need to trust a human to help you. I still like to chat to a human to get things sorted rather than web based boxes and enquiry email forms, anyway see what the sys admin guys have to say about it all.

Level 3
Human involvement is great, but it's not an issue. If you have the issue you mentioned, then a human could verify your identity and give you a special link or temporary password you could then use to set a new one. They don't need to be able to read your existing password to do that.

But yeah let's see what the tpg guys have to say about it.
Level 1b

Bump. This is a massive security issue. 

Level 3
It really is. I'd have hoped tpg would have responded by now.
Level 1a

Stuart,

 

I totally agree with your concern.  I just spent 20 minutes with a customer support person for Dodo, trying to convince them it is a good idea to hash passwords and not store them in plain text.  Seem most telcos in Australia have similar issues.

 

I just set up an account to be able to post on this site and I saw a clue that the password I entered was being stored in plain text : 

 

Capture.PNG

 

Maximum character length 20 characters...  If it's hashed, it shouldn't matter.  You could use an essay as your password and it would be the same size in the database (might be a bit of an issue in terms of time taken to upload password).

Level 1a

However their password reset does all the right things on this forum login :

Untitled.png

 

Doesn't prove passwords are hashed, but no way to know either way.