T-mobile continues its insecure password retrieval as text messages
I still think that Paris Hilton's t-mobile account was broken into simply because you can go to t-mobile.com, enter a phone #, and if the phone was lost, you get the password as a text message.
T-mobile has had this insecure method of sending account passwords for years. It blows me away.
The only solution is to make sure you have a security code on your phone so if you lose it people can't get into your account (especially if you've been downloading email via T-mobile, this is important to protect your account).
From a developer perspective, it's a sign that passwords are not stored encrypted in the database. That or it's being done using a function that is able to encrypt and decrypt it, which is also highly insecure.
It's been quite a common practice in web sites today to encrypt it using md5, sha1 or some combination of the two as neither of them have any way to decrypt them. Then a request to reset the password could be sent to the phone rather than the actual plain text password.
You could have it sent to an email too but even email accounts can be hacked into as easily as phones being stolen.
It still comes down to the user securing the data too. Companies can only do so much.
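Added example, not part of the thread and not T-Mobile's code: the flow the reply above describes, where the server keeps only a salted one-way hash and texts a short-lived, single-use reset token instead of the password itself. The in-memory stores, function names, 10-minute lifetime and the use of PBKDF2-HMAC-SHA256 (in place of a bare md5/sha1 digest) are assumptions of this example.

```python
import hashlib, hmac, secrets, time

RESET_TTL = 600        # seconds a reset token stays valid (assumed value)
ITERATIONS = 200_000   # PBKDF2 work factor (assumed value)
users = {}             # phone -> (salt, password_hash); constructed in-memory store
resets = {}            # phone -> (sha256 of token, expiry timestamp)

def _hash_password(password, salt):
    # Salted, deliberately slow one-way derivation: nothing here can be decrypted
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def set_password(phone, password):
    salt = secrets.token_bytes(16)
    users[phone] = (salt, _hash_password(password, salt))

def check_password(phone, password):
    if phone not in users:
        return False
    salt, stored = users[phone]
    return hmac.compare_digest(stored, _hash_password(password, salt))

def request_reset(phone, now=None):
    """Return the one-time token to deliver by SMS; the password is never sent."""
    now = time.time() if now is None else now
    if phone not in users:
        return None
    token = secrets.token_urlsafe(16)
    # Only a digest of the token is stored, so a database leak does not expose it
    resets[phone] = (hashlib.sha256(token.encode()).digest(), now + RESET_TTL)
    return token

def complete_reset(phone, token, new_password, now=None):
    now = time.time() if now is None else now
    entry = resets.pop(phone, None)  # single use: removed on the first attempt
    if entry is None:
        return False
    digest, expires = entry
    if now > expires:
        return False
    if not hmac.compare_digest(digest, hashlib.sha256(token.encode()).digest()):
        return False
    set_password(phone, new_password)
    return True
```

The token still travels to the handset, so whoever holds an unlocked phone can complete the reset; the change is that the existing password is never disclosed and the token expires.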