wbarnhill
Final Approach
So I found out that there's a slight (read: LARGE) security issue with ATT and new accounts. After getting my iPhone, I logged into my own account and used the passcode they gave me, after which it made me update my code. No big deal right?
Well the other day I went to log back into my account and accidentally typed in the wrong phone number. It didn't recognize my code, so I used the original code (which I remembered was the last four digits of the phone number). The system asked for an updated code, then sent me to verify the user's information... problem is, it wasn't MY information. Crap.
I called ATT customer service and told them I accidentally changed someone else's passcode, and they changed it back, but didn't mention anything about passing it along or whatever. Just surprises me.
So now I'm wondering... Since iPhone activation and usage is all via iTunes, the users don't have to log into their accounts, so it just sits there with the default password, which just happens to be the last four of the phone number. Why would ANY company issue non-random initial passcodes like that?
I wish I could make ATT change the way they handle new accounts and passcodes for their online site, but I doubt a single person would get their attention unless they started changing user info, which I'm not about to do.
Should I just not worry about it?
Well the other day I went to log back into my account and accidentally typed in the wrong phone number. It didn't recognize my code, so I used the original code (which I remembered was the last four digits of the phone number). The system asked for an updated code, then sent me to verify the user's information... problem is, it wasn't MY information. Crap.
I called ATT customer service and told them I accidentally changed someone else's passcode, and they changed it back, but didn't mention anything about passing it along or whatever. Just surprises me.
So now I'm wondering... Since iPhone activation and usage is all via iTunes, the users don't have to log into their accounts, so it just sits there with the default password, which just happens to be the last four of the phone number. Why would ANY company issue non-random initial passcodes like that?
I wish I could make ATT change the way they handle new accounts and passcodes for their online site, but I doubt a single person would get their attention unless they started changing user info, which I'm not about to do.
Should I just not worry about it?
