User comments on ISPs
  >> PlusNet plc


Register (or login) on our website and you will not see this ad.


These posts have been archived and can no longer be replied to or modified.
Pages in this thread: 1 | 2 | 3 | [4] | 5 | 6 | 7 | (show all)   Print Thread
Standard User therioman
(knowledge is power) Tue 22-May-07 08:40:19
Print Post

Re: Strong Passwords!


[re: chrisparr] [link to this post]
 
Hi Chris,

That's the point - while I understand it's a lot of resource to do this, it is amazing how customers have been asking for a long time, and now all of a sudden because of the webmail breach there is a real flurry of activity to do these things - so that gives the impression that you're only *now* truely interested in security.
Standard User deleted
(deleted) Tue 22-May-07 09:44:51
Print Post

Re: Strong Passwords!


[re: therioman] [link to this post]
 
Hi all,

I can see how we may have given that impression but wouldn't agree that we've 'not been bothered' with security up until now.

I hope everyone can see this work in a positive light. Yes, we've pulled out all the stops to implement it and yes, we've probably even surprised ourselves at the speed in which we've done it. There's definitely something to be learnt from this.

We'll be letting all customers know, whether it's through emails, newsletters or some other medium. We'll not be expecting for customers to just stumble across the information and will be pro actively pushing this.

Over the next few months we hope to phase the weaker passwords out and will look to make this a mandatory measure.

We discussed the fact that 8 character passwords may present a barrier for some potential customers, however we felt the pros of a stronger password outweighed the cons.

Kind Rgds,
Standard User deleted
(deleted) Tue 22-May-07 10:36:13
Print Post

Re: Strong Passwords!


[re: therioman] [link to this post]
 
And then in a limited capacity.


Register (or login) on our website and you will not see this ad.

Standard User h0tblack
(knowledge is power) Tue 22-May-07 11:05:46
Print Post

Re: Strong Passwords!


[re: seb] [link to this post]
 
Definitely. The best way to secure a system it to unplug it, turn it off and put it in a super-secure safe. Then probably bury it. All computer systems connected to networks are extremely open and vulnerable and all software has flaws. These things do happen to everyone no matter how proactive they are about security.

Again, I'm (clearly) not defending PlusNet and I do think there are many things they were not doing as well as they could. But the renewed interest and focus is already showing results, which has to be a good thing in the long term.
Standard User h0tblack
(knowledge is power) Tue 22-May-07 11:16:48
Print Post

Re: Strong Passwords!


[re: deleted] [link to this post]
 
Bob, or Ian... or someone.

This isn't a dig or a whinge. It's great that this must requested change has finally be made. Well done.

But...

I'm still unsure of why the restriction was in place in the first place. It's clear that all backend systems (DSL platform login, webmail, email, portal systems, etc) all supported password which did not conform to the old restrictions. Many people had and used such passwords for a long time (yes, not a good thing from security standpoint but anyway). So, can someone answer why these restrictions put in place in the first place? And why the backend systems were happily coping with a mix of valid and apparently invalid passwords while the frontend system forced the restrictions upon people?
Standard User deleted
(deleted) Tue 22-May-07 11:58:48
Print Post

Re: Strong Passwords!


[re: therioman] [link to this post]
 
In reply to:

How come it's taken a security breach before anyone took security and so on sufficiently seriously?!?



Sorry, am I missing something?? In what way was the recent Security Breach due to the lack of Customers having Strong Passwords??

Standard User deleted
(deleted) Tue 22-May-07 12:06:56
Print Post

Re: Strong Passwords!


[re: deleted] [link to this post]
 
>Sorry, am I missing something?? In what way was the recent Security Breach due to the lack of Customers having Strong Passwords??



That post never said it was.
It refers to all security issues. Until the breach PN hadn't taken security as seriously as it is now doing.
Standard User deleted
(deleted) Tue 22-May-07 12:39:58
Print Post

Re: Strong Passwords!


[re: h0tblack] [link to this post]
 
personally im of the opinion that they would claim that it was secure anyway - even if it wasnt...

they would however need to let the data commisioner know of such a breach though if it occured.

its good that the password changes has been implemented (at last).

Edited by deleted (Tue 22-May-07 12:45:40)

Standard User h0tblack
(knowledge is power) Tue 22-May-07 12:46:11
Print Post

Re: Strong Passwords!


[re: deleted] [link to this post]
 
Things like lack of SSL connections, poor password rules, etc are not themselves directly related to the recent breaches, but they are signs of how an organisation approaches security.

PlusNet have not taken certain security issues as seriously as they could have done and have constantly put off various suggested improvements using the excuse of lack of resources. Now, due to being somewhat caught out, they're focussing those resources and stuff is getting done.

Not an ideal way for positive change to come about, but at least it's coming about.

Standard User h0tblack
(knowledge is power) Tue 22-May-07 12:52:31
Print Post

Re: Strong Passwords!


[re: deleted] [link to this post]
 
Heh, you may have a point. But if they'd managed to jump from a publicly accessible system thorugh to the closed internal workplace system hosted on entirely different systems it would have been a HUGE deal. That it wasn't doesn't of course directly lead to the conclusion that Workplace IS secure.
Pages in this thread: 1 | 2 | 3 | [4] | 5 | 6 | 7 | (show all)   Print Thread

Jump to