Reply to post: Re: Actual e-mail received from Talk Talk

Chaos at TalkTalk: Data was 'secure', not all encrypted, we took site down, were DDoSed

Padwah

Re: Actual e-mail received from Talk Talk

It's exactly the same at plus.net, I raised a complaint pointing out that there password security was attrocious. One of the highlights of the response was this:

"Thank you for your further response, in regards to a question where you asked what is stopping our staff accessing you details and taking them out of the office. We are a paperless company so sensitive information cannot be written down. And all of our systems are monitored to prevent situation of fraud occurring.

In regards to asking for a password we are only allowed to ask for specific letters from your password. A password is between 8 and 16 characters in length and depending on what you use to make up your password indicates its strength, requesting two random characters would not decrease the strength of the password.

Then there is the fact that our chat services are very secure and only you and plusnet can view what you have written. The reason why we ask for part of your password is because it is the most secure piece of information that only you and Plusnet would know, rather than address, phone numbers, etc."

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019