back to article Ofcom to UK: Really - you're using the same password for everything?

Brits are taking serious security risks by continuing to use the same password for multiple websites, communications watchdog Ofcom warned today. Worse still, the regulator - which published a report today based on a survey of 1,805 people aged 16 and over - found that a staggering one in four (26 per cent) UK adults used …

COMMENTS

This topic is closed for new posts.
  1. Richard 12 Silver badge

    True but misleading

    For example, I only have six or seven online passwords, and most websites have the same one.

    That's because they are ****y little websites where I don't care in the slightest if somebody uses my login, because the websites shouldn't even have one in the first place - and I'm guessing that most store them plaintext anyway.

    I'd happily use the same login as everybody else on El Reg for many of them!

    I'm sure everybody can think of several examples.

    The other passwords are for places like this very forum where I do care about people impersonating me, and my online banking/payment where I very much care.

    1. Eponymous Cowherd
      Thumb Up

      Re: True but misleading

      Ditto.

      You are required to register for so many sites that it is completely impractical to have a separate password for each.

      I, too, have "graded" passwords ranging from the one I use for crappy forums through to the one I use for online banking.

      The passwords themselves should be robust, but having a different password for each and every site is stupid.

    2. AndrueC Silver badge
      Meh

      Re: True but misleading

      Same here. Three main passwords for me rated for security - unimportant, important, very important.

      1. Peter2 Silver badge

        Re: True but misleading

        Mine are rated by risk of somebody getting the password.

        1) Could impersonate me on a random forum such as elreg.

        2) Could commit me to financial expenditure eg. eBay etc

        3) Could directly access money (eg. paypal, bank etc)

        1 has shared passwords for virtually everything. 2 & 3 have unique passwords for every single account. If more or less everybody doesn't do this, i'd be quite surprised.

        1. jaminbob
          Stop

          Re: True but misleading

          I agree entirely. It took 7 attempts to remember the correct pass for El Reg just now!

          very much blame 'the victim'.

          I have low sec for stuff i dont care about and then about 4 or 5 others as they get more important (ebay, paypal etc).

          What happened to openID etc?

      2. Kevin Johnston

        Re: True but misleading

        Here too. I have a couple of password roots I use for middling grade websites which can be readily split into very easy or very complex depending on the site requirements but I care not a jot if they are compromised. For the real stuff I have some equally easy to remember but apparently complex passwords which relate to some role-playing scenarios I created in my youth which only four people ever played.

        When advising people on password strength I always point them at silly information they would never forget like inserting their shoe size as the second character (2nd and 3rd for the sasquatches) or suchlike so they can run with more easily remembered passwords.

    3. plrndl
      Alien

      Re: True but misleading

      There's no point in using secure passwords, when many of these ****y sites immediately email you (in plain text of course) confirmation of your user name and password.

      Anyone who is stupid enough to use a weak password for their on-line banking, deserves to be deprived of their money.

    4. Anonymous Coward
      Thumb Up

      Re: True but misleading

      Exactly, easy one for forums, some decent, secure ones for online shopping, Gmail and Facebook get their own passwords totally different to anything else & online banking get's the super secure ones....

      As you say, half of the sites shouldn't have logins anyway!!

      E.D.

    5. John Wilson

      Re: True but misleading

      "because the websites shouldn't even have one in the first place"

      So. Much. This.

      Far, far too many websites now are demanding e-mail addresses and passwords for the most basic of transactions and one-off purchases. "Create an account to complete your purchase of this little bauble when you'll never buy from us again but we'll keep your email and password in perpetuity". Those kind of sites need to die.

      1. Yet Another Anonymous coward Silver badge

        Re: True but misleading

        >far too many websites now are demanding e-mail addresses and passwords for the most basic of transactions and one-off purchases.

        And lo he created mailinator.com and saw that it was good

    6. Alan Edwards
      Thumb Up

      Re: True but misleading

      Another ditto. Having a unique password for every single website is overkill.

      Anything that matters gets a strong password, the login for some website forum I posted to once gets the same password as every other website forum...

      I'm more concerned that only 62% have a password on their wifi router.

      1. El Andy

        Re: True but misleading

        @Alan Edwards: "I'm more concerned that only 62% have a password on their wifi router."

        True, though I wonder how many of the remaining 38% just have no idea. Most routers that have shipped in the last 5 years at least have shipped with a secure setup by default. Many people will have just entered the password once and then forgot all about it (or even used the push-button secure config that many have) and so may have incorrectly assumed they don't have security turned on.

  2. Anonymous Coward
    Anonymous Coward

    55 percent?

    Clearly, a lot of the rest were telling porkies. In my experience you can explain the what and why till you're blue in the face to most non-techies, and they'll still think fido282 recycled everywhere will keep their privates out of reach, usually protesting they don't have anything worth nicking. Family are by far the worst; delighted when you get their email working, but just glaze over when you suggest that the kids birthday probably isn't up to scratch, and the party trick of guessing their passwords always seems to simultaneously amaze and fail to make the point.

    Sites are getting better at mandating tougher passwords, it's just that not enough of them are doing it.

    1. Anonymous Coward
      Anonymous Coward

      Re: 55 percent?

      Sites are getting better at mandating tougher passwords, it's just that not enough of them are doing it.

      But this can cause more problems as they all have different rules on what is a tough password so you find a carefully crafted scheme to cope with multiple or different grades of passwords falls apart when the password you want to use (because given the site its the one you will remember as being applicable) isn't accepted. Then when you come back your initial login fails and you have to start thinik "was this the site that required numbers and captials but didn't allow underscores or was it the one that needed a symbol and a password of 8-12 characters"?

      1. Gaz Jay
        Thumb Up

        Re: 55 percent?

        Reminds me of this: http://xkcd.com/936/

      2. Anonymous Coward
        Anonymous Coward

        Re: ...was this the site...

        Then there are the really, really irritating ones that only accept passwords of say max 12 characters, but don't bother to tell you on the page. So when you've entered 16 characters assuming its OK, they neither warn you nor discard the extra characters even though they're not used. Go back and try to login and it fails, because at this point apparently the extra characters do matter, and it'll probably take 10 minutes to figure out what the problem is and take multiple swipes at truncating the password till it works. What are these people on??

        1. Anonymous Coward
          Anonymous Coward

          Re: ...was this the site...

          I only have three levels of password now, standard, for forums and the like, secure, for anything I do not wish to be impersonated on and can buy online with, and totally unique passwords for banking. The secure layer passwords as it happens turn out to be unique as well, but I use supergenpass for it. I can quite happily say I literally do not know any of my passwords for that level, only roughly if they are the right or not. Only problem is if one online system is compromised, due to how supergenpass works it makes altering individual passwords difficult.

          I find banking systems quite annoying as all of them have differing ideas on what is acceptable. My bank won't accept special characters in the password field.

          I figure with one time pass and supergenpass my email account should not worth the trouble to bother with attacking.

        2. Gav
          Megaphone

          Re: ...was this the site...

          What of the ones that have very particular and specific password requirements, for no obvious reason, that make your usual default one impossible to use?

          Not that they tell you what the very particular and specific password requirements are. No. They wait until you have failed to meet the secret requirements, then they tell you off for not meeting them. And then again for the next one when you try again. And again. And again. And oops, you forgot about the first requirement, didn't you? Try again. Until you are screaming at the screen "NO-ONE IS GOING TO HACK YOUR WEBSITE TO ORDER TAKE-AWAY IN MY NAME! YOU DO NOT NEED THIS LEVEL OF SECURITY!"

    2. John Lilburne

      Re: 55 percent?

      It doesn't matter how tougher sites are at password mandating, I'll use the same strong one for all of the bastards. The more sites feck about with passwords the more likely it is that we'll stick them in the plain text file. And there is nothing wrong with fido282 for most of the useless websites we access.

    3. Anonymous Coward
      Anonymous Coward

      Re: 55 percent?

      Sites are getting better at mandating tougher passwords

      Which can bring its own problems. I recall some years ago being sat in a meeting discussing the recently introduced password policy. This was; must be at least 8 long, must contain at least one capital letter and at least one number. It also had to be changed regularly and reuse was not permitted.

      I opined that as we were a mixed environment, a lot of the legacy stuff was stuck with 8 as a maximum and that users were lazy SOBs who would try to stick with the one, most would be a 7 letter dictionary word, with the first capitalised and with a number on the end. Probably either zero or one. I then pointed out that any decent password cracking tool given that much of a hint shouldn't even break step coming up with the answer.

      The number of red faces around the table that produced was very scary indeed.

      1. ScottME

        Re: 55 percent?

        There was a spoof corporate directive circulating in IBM about 20 years ago on the subject of password standards. It started out OK, then degenerated into a series of ever more ridiculous requirements and restrictions. The punchline was something like this: "Compliance with these rules means that there is only one possible password. Employees should see their manager to be issued with it."

        1. Anonymous Coward
          Anonymous Coward

          CORPORATE DIRECTIVE NUMBER 88-570471

          CORPORATE DIRECTIVE NUMBER 88-570471

          In order to increase the security of all company computing facilities, and to avoid the possibility of unauthorized use of these facilities, new rules are being put into effect concerning the selection of passwords. All users of computing facilities are instructed to change their passwords to conform to these rules immediately.

          RULES FOR THE SELECTION OF PASSWORDS:

          1. A password must be at least six characters long, and must not contain two occurrences of a character in a row, or a sequence of two or more characters from the alphabet in forward or reverse order. Example: HGQQXP is an invalid password. GFEDCB is an invalid password.

          2. A password may not contain two or more letters in the same position as any previous password. Example: If a previous password was GKPWTZ, then NRPWHS would be invalid because PW occurs in the same position in both passwords.

          3. A password may not contain the name of a month or an abbreviation for a month. Example: MARCHBC is an invalid password. VWMARBC is an invalid password.

          4. A password may not contain the numeric representation of a month. Therefore, a password containing any number except zero is invalid. Example: WKBH3LG is invalid because it contains the numeric representation for the month of March.

          5. A password may not contain any words from any language. Thus, a password may not contain the letters A, or I, or sequences such as AT, ME, or TO because these are all words.

          6. A password may not contain sequences of two or more characters which are adjacent to each other on a keyboard in a horizontal, vertical, or diagonal direction. Example: QWERTY is an invalid password. GHNLWT is an invalid password because G and H are horizontally adjacent to each other. HUKWVM is an invalid password because H and U are diagonally adjacent to each other.

          7. A password may not contain the name of a person, place, or thing. Example: JOHNBOY is an invalid password.

          Because of the complexity of the password selection rules, there is actually only one password which passes all the tests. To make the selection of this password simpler for the user, it will be distributed to all supervisors. All users are instructed to obtain this password from his or her supervisor and begin using it immediately.

  3. Mystic Megabyte
    FAIL

    Very tempting to name and shame them.

    Last week I signed up to a site who's product is a multi-platform code creator.

    The confirmation email had the password in plain text.

    I did not bother to continue evaluating their product.

    1. Caesarius
      Joke

      Re: Very tempting to name and shame them.

      You may like to try a password of the form ***HIDDEN*** so that it looks like it is hidden.

  4. Anonymous Coward
    Anonymous Coward

    Well...

    ..if I didn't have to use a password to get a bloody postcode, or order a few nuts on bolt online, or look up the slightest bit of info, then I wouldn't.

    I have the same password across about 50 sites.

    Then more secure for emails (2 different ones)

    then unique ones for banking (always nice to use a combo of Welsh, Swiss and German and a dash of Spanish thrown in I found, especially on UK English websites)

  5. Roland6 Silver badge

    Email account password probably "very important"

    My partner tries to follow good practise and create interesting passwords for the various sites that demand them for whatever reason. The only problem is that she doesn't tend to remember them and so most of the time she just press'es the "forgot your password?" and acts on the update email... so effectively she only has one password - the password to her main email account ...

    But then since this inbox is accessible on her iPad ...

    1. Rob Carriere

      Re: Email account password probably "very important"

      In the sense you mean you always only have a single password. Even if your partner had eidetic memory, that wouldn't stop a crook from using the password reset feature.

    2. jonathanb Silver badge

      Re: Email account password probably "very important"

      ... it means that like everyone else, her entire online life is secured by a 4 digit PIN.

      1. Roland6 Silver badge

        Re: Email account password probably "very important"

        >... it means that like everyone else

        I thought only those who's iPad is controlled by IT and geeks actually knew of and used the PIN feature ...

  6. Waspy
    Facepalm

    No mention if 2-step verification?

    This is a brilliant tool and one i use wherever it is available. I have a monster password for my Gmail but i don't worry about unauthorised access attempts anyway because i get a text message/email every time someone tries to login from an unknown source. If more people knew about this feature there would be a lot less email break-ins, but then as AC above noted, people generally can't be fucked spending an extra five minutes tightening up their security

    1. jaminbob

      Re: No mention if 2-step verification?

      The only problem with that, and granted, it may not be a problem for many, is what you do if you lose your mobile / get mugged / are abroad / don't have coverage / ran out of battery.

      Don't get me wrong, great feature, but in some ways, my email account is more reliable and important than my mobile to me... maybe i'm weird.

      1. Cliff

        Re: No mention if 2-step verification?

        You fall back on the 10, printed, once-time emergency codes you put with your stash of other physical treasures. It's a good system, it works.

      2. Flywheel
        Thumb Up

        Re: No mention if 2-step verification?

        "what you do if you lose your mobile / get mugged / are abroad / don't have coverage / ran out of battery"

        Gmail at least has a set of emergency codes which they recommend you print out and put in your wallet. Sorted.

  7. Paul Webb
    FAIL

    Password length

    It would help if some sites didn't limit the length of password to, for example, 10 characters. Why take security seriously when some companies so obviously don't?

  8. Tom_

    Bug Me Not

    Just use something like bugmenot.com for all those sites that want you to have a password, but where you coudn't give two shits.

    eg. http://www.bugmenot.com/view/theregister.co.uk

    1. This post has been deleted by its author

      1. Anonymous Coward
        Anonymous Coward

        Re: Bug Me Not

        Just tried bugmenot .... my corporate firewall refuses to allow me to go there on the basis that its a "copyright infringement" site!

    2. Anonymous Coward
      Anonymous Coward

      Re: Bug Me Not

      Hmm that seems much easier than just harvesting clear text passwords off the corporate network.

      Yes I'm still looking at you reg!

  9. Cliff

    Low hanging fruit

    As long as most people still use abc123 or password1, you don't need staggeringly complex pass phrases. If you are in a field with a hungry carnivore you don't need to run fastest, just faster than somebody else. With enough low hanging fruit, you don't need to worry so much about the top branches. You get the metaphors.

    1. Anonymous Coward
      Anonymous Coward

      Re: Low hanging fruit

      "With enough low hanging fruit, you don't need to worry so much about the top branches. "

      Up to a point, and certainly true for sh*** web sites. But the "low hanging fruit" doesn't apply to much else, and particularly for people round here. If you're a coder, you are working on nice, juicy intellectual property, well worth putting some special attention into thieving. If you're a sysadmin, then you're the gatekeeper for your companies' systems, enabling all manner of wickedness if your work accounts get hacked. If you're a research scientist, then your research may be worth grubbing up (some fields more than others, admittedly). My own particular (if rather dull) line of business could make me of particular interest to a some people.

      Spammers looking to harvest a few Gmail accounts don't care and won't try very hard, but you only need to look at the reports of systems intrusion at big, technically sophisticated corporations to see that the "low hanging fruit" defence isn't the best of ideas.

  10. This post has been deleted by its author

  11. dephormation.org.uk
    Happy

    WPAD

    If you have 'Windows Proxy Autodetection' enabled (which it now is, by default, in Windows/IE) your choice of password is perhaps the least of your worries.

    Because the Brazilian operating wpad.co.uk has your proxy config by the short and curlies.

  12. Anonymous Coward 15

    Paid LastPass, with unique passwords except for some low-sensitivity sites.

    SIM and screen lock.

    Google Authenticator where possible.

    Linux at home.

    ABP and NoScript.

  13. Big_Boomer Silver badge
    Facepalm

    Password management

    I use the open-source KeePass to manage my passwords and a quick count reveals 79 accounts which require passwords. Am I supposed to remember 79 different complex passwords to keep Ofcom happy? Yes, I use the same password many times over in different circumstances but all my important accounts use complex passwords and some use other methods of identification. I have several webmail accounts that use similar passwords and all these forums & shopping sites that want you to login all get the same password as they are way less critical. Looks to me like someone at Ofcom has too much time on their hands. No surprise there as it is a "government" body and therefore by definition inefficient and full of seat warmers and appointees who constantly feel the need to justify their employment. People reuse passwords. Live with it. Better yet, come up with a better way rather than bitching at people,.... for being people.

    1. Roland6 Silver badge

      Re: Password management

      >Am I supposed to remember 79 different complex passwords to keep Ofcom happy?

      No, the Ofcom report (section 6.19 "Attitudes towards online passwords") was only interested in the actual passwords (but not usernames?) being used by a single user across multiple websites, the report didn't investigate the methods by which users managed/remembered their passwords.

      Yes password managers can be great, but they do have their own problems particularly when your machine decides to throw a wobbly. I came across this problem when my Thinkpad hiccuped a few months back and corrupted my normal user profile. Whilst I was able to create a new profile etc. etc. accessing the ThinkVantage Password Manager vault (owned by my normal user account) was challenging... My need to recover the vault wasn't just about recovering passwords, but with recovering the various usernames I had used over the years.

      1. ScottME

        Re: Password management

        Your mistake was to use "ThinkVantage Password Manager". You've entrusted your vital secrets to a piece of proprietary, Windows-only code whose quality and fitness for purpose you can never know, and which runs only on your ThinkPad, i.e. one of the systems you should have a password to access. A bit like storing your house key in a locked box inside your locked house.

        You'd do much better to use an open-source, free, cross-platform password manager such as KeePass. Even better if you use cloud storage such as Dropbox to keep the strongly-encrypted KeePass database in sync across all your machines.

        Just a bit of friendly advice.

        1. Roland6 Silver badge

          Re: Password management

          >Your mistake was to use "ThinkVantage Password Manager".

          Agree, however with more systems containing security chips (which lock the vault to the machine) and coming with various 'useful' tools including pre-installed password managers, this is certainly something that will trip the unwary, plus as you point out tools such as KeePass do need to be set up 'corrrectly' (ie. use a cloud service of some description) for the information they contain to be fully recoverable.

          Aside: I paid a second time for my mistake, entries can only be accessed one at a time through the TVPM user interface; it took a long time to extract them...

  14. Psycho Flump

    I used to have graded passwords, ranging from throwaway level to secure for online shops and such. I got caught in the Gawker hack from a few years ago. The problem with signing up with those throwaway passwords as account will only have one comment is that over the years you build up more comments, at some point the account goes from being throwaway to actually having a value. After the tedious slog through all my accounts and updating passwords I now use different passwords for every login. I then use a password manager to store them all.

  15. mark 63 Silver badge

    I like the Formula idea - you use the same password but it changes in some way depending on the URL or name of the site

    1. El Andy

      @mark63: The trouble with a formula type approach, is that if the formula is too obvious (e.g. prefixing it with ebay, paypal, google, etc) then there is no real difference to having the same password everywhere. And if it's not obvious, then, well it's not going to help when it comes to remembering things.

      Like many people here, I have a bunch of "I don't really care so I'll share the password" type of sites, where a compromised password probably isn't the end of the world. There is always the danger with that though, because somebody might find a route to exploiting it further that you hadn't considered.

      1. Anonymous Coward
        Anonymous Coward

        @ElAndy

        It's not that black and white w.r.t formulas - the formula can be somewhere in between 'obvious' and 'no help in remembering'. When teaching this stuff in awareness training sessions (along with telling them not to use the same passwords on corporate systems as they do for their personal logons outside of work) I generally get users to think of formulas that make sense to them (or are easy to reverse engineer without looking things up). Don't forget the formula doesn't have to be something that means you can instantly recall the password - just that you can get hold of it, or work it out.

        As an example THEREGISTER.CO.UK could be used in several formulas - e.g. the length of the domain name, the first and last letters, the chemical name or symbol for the element having the atomic number equal to the number of letters (e.g THEREGISTER = 11 = Na = Sodium), or the name of the xth president (11= Polk), the first letter of the number (Eleven - E), the xth book of the bible, x in hex, etc to which you could add some personal value. So the password for El Reg could easily be NaTRP0lkAndy (which is a bit extreme I admit). But if you ever forgot it, you would look at the URL and say "11 letters beginning with T ending with R = NaTRP0lk - even if you had to look up the president and chemical element it would still be obtainable. This is an extreme example but much simpler, and yet unobvious, methods do exist.

        I have 2 formulas - one for s***y sites I don't care about and one for decent ones. Even now I can go to a web site I have not visited since joining and enter my unique password - and in order for somebody to reverse engineer the password to get the formula they would need at least 2 (and probably a few more) of my passwords.

        Of course corporate policy on password changes is always still a PITA (but don't get me started on that one).

        I don't expect other to do this, or even agree that it is worth the trouble - but I'm used to it now and it works for me, which is all I need. :-)

  16. Anonymous Coward
    Anonymous Coward

    Why are we still using passwords?

    I live with two case studies (my wife and primary-school-age daughter) in why the username/password paradigm is utterly unsuitable for the Web of 2013.

    OK, you can just about forgive young'un for not being able to remember passwords, but my profoundly non-techie better half* "muddles through" by either (a) using the same password (or minor variations thereof) for just about every site, or (b) forgetting the one she set a week ago, and using the "reset" link (usually to repeat the cycle in the near-future).

    Me? Belts-and-braces - unique p/w's on as many sites as poss (the lot kept in a KeePassX database multiple-backed up across all our computers via Dropbox), 2-factor auth on all of the few sites that offer it, public-key auth for SSH, never leave computer/phone unlocked when not using it, and so on. I just get used to such "unbridled paranoia" after a while, and haven't come a cropper yet (though I haven't worked out KeePass on the iPhone to date - hope I don't have to switch to LastPass).

    If only there were a viable alternative for all us Web users (including the ones for whom saving a Word doc and ZIPping/emailing it is an insuperable challenge)...

    1. Roland6 Silver badge

      Re: Why are we still using passwords?

      Yes totally understand...

      Have you tried introducing them to KeePass? Or do they remember that you shouldn't save passwords and so invariably click "No" when KeePass asks...?

      The young'un's are generally easier to deal with as you can get them to come to you when they need to set up accounts on Mathletic's etc.

      1. Anonymous Coward
        Anonymous Coward

        Re: Why are we still using passwords?

        "Have you tried introducing them to KeePass?" I tried that, but it fell on stony ground - not to be unkind to them, but operating any software more complex than a mobile phone or a Web browser is a bit of a training commitment, so we either muddle along (as earlier) or use a browser's "remember passwords" option (which, yes, largely defeats the object of HAVING passwords in the first place...).

        Thankfully, my family generally remember to "lock" the computer before leaving it, which I suppose is better than nothing...

        1. Roland6 Silver badge

          Re: Why are we still using passwords?

          "use a browser's "remember passwords" option"

          You may find the NirSoft utilities: IE PassView or PasswordFox useful to have lying around. IE PassView certainly helped me to recover my father inlaw's Fantasy Football login details so that he could use them on a new system ...

          (Aside: Yes IE might not be the most secure browser, but there are times it is useful... )

  17. phuzz Silver badge
    Thumb Up

    LastPass

    I use LastPass, so every account that matters more to me than a commenting account (I'm guessing that the standard of passwords used to comment on el'reg isn't that high) gets a unique multi-character string of gibberish.

    I used the free version for a day, and was impressed enough to give them money.

    I'm still trying to decide if I can be bothered to use Google Authenticator or a Yubi key to make it more secure.

    (Lastpass also does a better job of entering passwords than the default firefox password manager).

  18. Anonymous Coward
    Anonymous Coward

    For all websites, I use the password I got in Freshers Week to access the EMACS 2900. Happy days

  19. Wortel
    Pint

    KeePass

    Just try it out for a while, and use those brainwaves you otherwise waste on password management for more recreational purposes.

  20. Dire Criti¢
    Headmaster

    Isn't that what LastPass is for?

  21. Jim Wilkinson
    Thumb Up

    Password wallets

    For years I've been using a password wallet system. One good password to access all the individual passwords - and it's a cross-platform tool (Mac, iThing, Android...). That way I have a different password for everything - and can use ridiculously strong passwords where needed. No-brainer really.

  22. Jin

    What is needed is expanding our memory capacity for passwords

    This sort of headache can be quickly solved by expanding our memory capacity for passwords. It is not only possible but easily simple, say, just by expanding our memory capacity for passwords by way of making use of pictures, those of autobiographic memory in particular, as well as texts.

  23. Tree
    Meh

    But trust in Facebook et al has plummeted

    Hey, I trust Facebutt {to gobble my identity and pass it on.} This is wonderful if you are an exhibitionist and want to show and tell all about yourself. Just don't bank online or buy anytheing except in person or on the phone.

This topic is closed for new posts.

Other stories you might like