Sunday, February 27, 2005

Should service providers force you to practice safe passwording?

While T-Mobile tries to sort out the mess following the hacking of Paris Hilton's T-Mobile account, the company has issued a press release urging that customers take some steps to protect themselves.

While the pointers are sensible, I am surprised that none of the big online services force consumers to do this. I know that when I have to change my password at work, it cannot be fewer than X characters, it has to be a mix of uppercase and lowercase, it must contain a specified number of non-alphanumeric characters and it cannot be a password that I've already used. Services like T-Mobile, Gmail, Yahoo, Hotmail, etc. can easily be configured to require the same, I am sure. Perhaps they are concerned that customers will balk at not being able to set their passwords as "password"?
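The workplace-style rules described above (minimum length, mixed case, a count of non-alphanumeric characters, no reuse), sketched as an added example that is not from the original post or from any of the services named. The thresholds, history depth and PBKDF2 work factor are assumed values, since the post gives none.

```python
import hashlib
import hmac
import os

# Assumed values: the post says only "X characters" and "a specified number".
MIN_LENGTH = 10
MIN_SYMBOLS = 1
HISTORY_DEPTH = 5        # how many previous passwords are remembered
PBKDF2_ROUNDS = 100_000  # assumed work factor for this sketch


def hash_password(password, salt=None):
    """Return (salt, digest) so old passwords are never stored in the clear."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def policy_violations(password, history):
    """List every rule the candidate breaks; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not (any(c.isupper() for c in password) and any(c.islower() for c in password)):
        problems.append("needs upper and lower case")
    if sum(not c.isalnum() for c in password) < MIN_SYMBOLS:
        problems.append("needs more non-alphanumeric characters")
    # Re-hash the candidate under each stored salt and compare in constant time.
    for salt, digest in history[-HISTORY_DEPTH:]:
        if hmac.compare_digest(hash_password(password, salt)[1], digest):
            problems.append("already used")
            break
    return problems


def change_password(password, history):
    """Append the new hash to the history only when the policy is satisfied."""
    problems = policy_violations(password, history)
    if not problems:
        history.append(hash_password(password))
    return problems


if __name__ == "__main__":
    history = []  # constructed sample account with no prior passwords
    for candidate in ["password", "Tr1cky-Horse-22", "Tr1cky-Horse-22"]:
        print(candidate, "->", change_password(candidate, history) or "accepted")
```

The reuse check works on salted hashes, so enforcing "not a password I've already used" does not require the service to keep old passwords in readable form.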

T-Mobile Statement on Security and Privacy:

"Along with the considerable resources T-Mobile has and will continue to dedicate to customer security, there are some specific actions we recommend customers take to help protect their mobile phone accounts and personal data.

-- T-Mobile customers should ensure they utilize passwords and change them frequently to safeguard personal information in the following three areas:

-- On - the Web self-service tool.

-- Attached to their account, when calling a Customer Service Representative.

-- On their voicemail box.

-- Be sure the password to access has a combination of letters and numbers.

-- Change passwords at least every 60 days; never give out passwords, even to friends or family; and memorize passwords.

-- If a device is lost, or you notice suspicious activity on an account, call T-Mobile immediately.

If a T-Mobile customer has a question about service, or would like further password assistance, simply visit; or a T-Mobile representative can help you by dialing 611 from a T-Mobile phone, or calling 1-800-937-8997."
