Comcast storing WiFi passwords in cleartext?

• Previous message (by thread): Comcast storing WiFi passwords in cleartext?
• Next message (by thread): Comcast storing WiFi passwords in cleartext?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 4/24/ 2019 10:34 AM, Seth Mattinen wrote:

> That's looking at it from a technical perspective when it isn't a technical problem. People that buy "includes wifi" from their ISP often need extreme amounts of help with it, and thus the wifi credentials are stored and transmitted in plain text for tech support reasons.

While I agree that the underlying need is to provide fast and effective customer service - it is ultimately a technical problem.  As it's been pointed out in subsequent posts WiFi is the leading cause of customer calls to an ISP offering the service.  Security and "ease of use" are often at odds with each other, and implementing the former with the latter is the challenge many of us wake up to each and every day.  The information should be encrypted at rest and in transit and could easily be decrypted by the CSP platform for use by customer support staff at the time of need when cusetomers call in - which would address the concern.

In my experience, bad practice is easily replicated.  What else is transmitted in cleartext?  Today it's the WiFi password, tomorrow it's your login, port forwarding, DMZ, and other details that are far more useful to a remote attacker than your WiFi password.




-----Original Message-----
From: NANOG <nanog-bounces at nanog.org> On Behalf Of Seth Mattinen
Sent: Wednesday, April 24, 2019 10:34 AM
To: nanog at nanog.org
Subject: Re: Comcast storing WiFi passwords in cleartext?

Notice: This message originated outside of Just Associates. Verify the source & exercise caution with links and attachments.

On 4/24/19 8:13 AM, Benjamin Sisco wrote:
> The bigger concern should be the cleartext portion of the subject.  There’s ZERO reason to store or transmit any credentials (login, service, keys, etc.), in any location, in an unencrypted fashion regardless of their perceived value or purpose.  Unless you like risk.


That's looking at it from a technical perspective when it isn't a technical problem. People that buy "includes wifi" from their ISP often need extreme amounts of help with it, and thus the wifi credentials are stored and transmitted in plain text for tech support reasons.

~Seth
Confidentiality Notice: This e-mail communication and any attachments may contain confidential and privi­leged information for the use of the designated recipients named above. If you are not the intended recipient, you are hereby notified that you have received this communication in error and that any review, disclosure, dissemination, distribution or copying of it or its contents is prohibited. If you have received this communica­tion in error, please notify me immediately by replying to this message and deleting it from your computer. Thank you.

• Previous message (by thread): Comcast storing WiFi passwords in cleartext?
• Next message (by thread): Comcast storing WiFi passwords in cleartext?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]