On 4/24/2019 10:34 AM, Seth Mattinen wrote:

> That's looking at it from a technical perspective when it isn't a technical 
> problem. People that buy "includes wifi" from their ISP often need extreme 
> amounts of help with it, and thus the wifi credentials are stored and 
> transmitted in plain text for tech support reasons.

While I agree that the underlying need is to provide fast and effective 
customer service - it is ultimately a technical problem.  As it's been pointed 
out in subsequent posts, WiFi is the leading cause of customer calls to an ISP 
offering the service.  Security and "ease of use" are often at odds with each 
other, and implementing the former with the latter is the challenge many of us 
wake up to each and every day.  The information should be encrypted at rest and 
in transit and could easily be decrypted by the CSP platform for use by 
customer support staff at the time of need when customers call in - which 
would address the concern.

In my experience, bad practice is easily replicated.  What else is transmitted 
in cleartext?  Today it's the WiFi password, tomorrow it's your login, port 
forwarding, DMZ, and other details that are far more useful to a remote 
attacker than your WiFi password.




-----Original Message-----
From: NANOG <[email protected]> On Behalf Of Seth Mattinen
Sent: Wednesday, April 24, 2019 10:34 AM
To: [email protected]
Subject: Re: Comcast storing WiFi passwords in cleartext?

On 4/24/19 8:13 AM, Benjamin Sisco wrote:
> The bigger concern should be the cleartext portion of the subject.  There’s 
> ZERO reason to store or transmit any credentials (login, service, keys, 
> etc.), in any location, in an unencrypted fashion regardless of their 
> perceived value or purpose.  Unless you like risk.


That's looking at it from a technical perspective when it isn't a technical 
problem. People that buy "includes wifi" from their ISP often need extreme 
amounts of help with it, and thus the wifi credentials are stored and 
transmitted in plain text for tech support reasons.

~Seth
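
A sketch of the approach suggested in the reply above (encrypt at rest, decrypt on the platform when a support agent needs it), added here as an example and not part of the original thread or any ISP's code. It covers storage only, with transit left to TLS; `sealCredential`, `revealForSupport`, `MASTER_KEY`, `auditLog` and the sample IDs are hypothetical names and constructed values.

```javascript
const crypto = require('crypto');

// Constructed demo key. Assumption: a real platform fetches this from a KMS or
// HSM at runtime; it never sits in source code or beside the ciphertext.
const MASTER_KEY = crypto.randomBytes(32);
const auditLog = []; // hypothetical stand-in for an append-only audit store

// Encrypt a WiFi passphrase for storage. The account ID is bound as AAD, so a
// record copied onto another account fails authentication on decrypt.
function sealCredential(accountId, passphrase, key = MASTER_KEY) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce per record
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(accountId, 'utf8'));
  const ct = Buffer.concat([cipher.update(passphrase, 'utf8'), cipher.final()]);
  return {
    accountId,
    iv: iv.toString('base64'),
    ct: ct.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
  };
}

// Decrypt only for a named agent with a ticket reference, and log every
// attempt (including failures) before any plaintext is returned.
function revealForSupport(record, agent, ticket, key = MASTER_KEY) {
  if (!agent || !ticket) throw new Error('agent and ticket are required');
  const entry = { when: new Date().toISOString(), accountId: record.accountId, agent, ticket, ok: false };
  auditLog.push(entry);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(record.iv, 'base64'));
  decipher.setAAD(Buffer.from(record.accountId, 'utf8'));
  decipher.setAuthTag(Buffer.from(record.tag, 'base64'));
  const pt = Buffer.concat([decipher.update(Buffer.from(record.ct, 'base64')), decipher.final()]);
  entry.ok = true; // final() throws if the tag or AAD does not verify
  return pt.toString('utf8');
}

// Constructed sample data: account ID, passphrase, agent and ticket are made up.
const demo = sealCredential('acct-1001', 'correct horse battery staple');
console.log(Object.keys(demo), revealForSupport(demo, 'agent-7', 'TCK-0001'));
```

The stored record holds only the nonce, ciphertext and tag, so a database dump without the key yields no passphrases, while each support lookup leaves an audit entry.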