Cooperative Energy and password security

As a protest vote against the Big 6 energy companies, I recently switched supplier to Cooperative Energy.   Switching is painless, fill your details in online, click the button and off you go.   They do of course want a password from you and I used LastPass to generate a unique one for me and memorise it.

Some time later, I went to login in to the customer portal just to see what I could do and was quite surprised to find my password didn’t work.  I mentally shrugged and clicked on the Forgotten Password link and waited for the usual password reset email to arrive.  I got this instead:

Dear Customer

The information you requested is…
eg!3fpp*hvfs

If you have any questions please contact our customer service team

(This is, of course, not my actual password, this is just an example that I’ll treat the same way as the Coop did.)

Here we have two immediate problems.  The first is, of course, they have sent me my password in plain text in an email.  We all know that’s a bad idea.  Secondly, what they have sent is not actually my password.  My password looks like this:

eg!3fP^P*hVFs

See what they did?  For whatever reason the caret has been removed and all the letters have be converted to lower case thus making my password less secure.    I sighed and went to change my password online and found I couldn’t.   If I want to change my password then I have to go talk to a human to do so.   This leads to problem three, which is that people generally pick stupid passwords and reuse them.   I’m sure Coop Energy only employ wonderful honest people, but giving them an email address and a stupid password is only ever going to end badly for someone eventually.

I’ve spoken to Coop Energy’s customer service team and they acknowledge the problems I’ve found.   Let’s hope, for the sake of a safer and more secure internet, they sort them out.

10 thoughts on “Cooperative Energy and password security”

  1. I know what you mean. I use Co-operative energy and Telephone. They seem nice people and the prices are fair if not always the absolute cheapest. However sloppy password management is the norm not the exception so I don’t expect them to be any better than anyone else.

    Only when a few big firms have had serious fines from losing all their customer data will companies take it seriously.

  2. I hadn’t tried to login to Coop Energy between Bill payments but I just ran into the SAME PROBLEM still happening 3 months later. I finally tried a different link to the Coop Login page and there is now a message in red admitting there are “issues”. Try again in 24 hours (do they mean months?)

Leave a Reply

Your email address will not be published. Required fields are marked *