Sunday, October 30, 2016

Security Fail

So I have a credit card with an electronics retailer whose name I won't mention, but it rhymes with Breast High. Because I have been updating my physical and electronic security, I was on the company's website trying to change my password to a more secure one. I last changed my passwords in 2014, so I was overdue for a change. While there, I noticed that the address they had on file was an old one that I no longer have access to. I resolved to change the address on file next.

When I tried to change the password, I got a message saying that the process had been unsuccessful. I was locked out, and now cannot get back in. Neither the old password or the new one work. I called the company, and they are telling me that they need me to read the numbers from the physical credit card in order to reset the password. I tell them that I do not have the card, nor have I had it in nearly two years.

They respond by telling me that I must read them the numbers in order to reset the password. They offer to send me a new card. I tell them that the address they have on file is an old one. She then offers to send the card to whatever address I give her.

Blink. Blink.

This "security measure" is more security theater. All anyone has to do is give their address, get a card, and then get the password. Security fail.

No comments: