As a protest vote against the Big 6 energy companies, I recently switched supplier to Cooperative Energy. Switching is painless: fill your details in online, click the button and off you go. They do of course want a password from you and I used LastPass to generate a unique one for me and memorise it.
Some time later, I went to log in to the customer portal just to see what I could do and was quite surprised to find my password didn’t work. I mentally shrugged and clicked on the Forgotten Password link and waited for the usual password reset email to arrive. I got this instead:
Dear Customer
The information you requested is…
eg!3fpp*hvfs
If you have any questions please contact our customer service team
(This is, of course, not my actual password, this is just an example that I’ll treat the same way as the Coop did.)
Here we have two immediate problems. The first is, of course, they have sent me my password in plain text in an email. We all know that’s a bad idea. Secondly, what they have sent is not actually my password. My password looks like this:
eg!3fP^P*hVFs
See what they did? For whatever reason the caret has been removed and all the letters have been converted to lower case, thus making my password less secure. I sighed and went to change my password online and found I couldn’t. If I want to change my password then I have to go talk to a human to do so. This leads to problem three, which is that people generally pick stupid passwords and reuse them. I’m sure Coop Energy only employ wonderful honest people, but giving them an email address and a stupid password is only ever going to end badly for someone eventually.
I’ve spoken to Coop Energy’s customer service team and they acknowledge the problems I’ve found. Let’s hope, for the sake of a safer and more secure internet, they sort them out.
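The behaviour described above, modelled as an added example (not code from the original post or from Cooperative Energy). The first class assumes the store normalises the password and keeps it readable, which is one behaviour consistent with the email and the failed login; the second keeps only a salted PBKDF2 digest and mails a single-use reset token instead. All class and function names are hypothetical.

```python
import hashlib, hmac, os, secrets

SAMPLE = "eg!3fP^P*hVFs"   # the example password from the post

def lossy_normalise(pw):
    # Assumed model of the observed behaviour: '^' dropped, letters lower-cased.
    return pw.replace("^", "").lower()

class RecoverableStore:
    """Anti-pattern: keeps a readable password, so 'forgotten' can mail it."""
    def __init__(self):
        self.db = {}
    def register(self, user, pw):
        self.db[user] = lossy_normalise(pw)
    def login(self, user, pw):
        return hmac.compare_digest(self.db[user].encode(), pw.encode())
    def forgotten(self, user):
        return self.db[user]            # the secret itself goes into the email

class HashedStore:
    """Keeps only salt + PBKDF2 digest of the exact characters the user chose."""
    ITERATIONS = 600_000
    def __init__(self):
        self.db, self.resets = {}, {}
    def _kdf(self, pw, salt):
        return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, self.ITERATIONS)
    def register(self, user, pw):
        salt = os.urandom(16)
        self.db[user] = (salt, self._kdf(pw, salt))
    def login(self, user, pw):
        salt, digest = self.db[user]
        return hmac.compare_digest(digest, self._kdf(pw, salt))
    def forgotten(self, user):
        token = secrets.token_urlsafe(32)   # mailed instead of a password
        self.resets[user] = hashlib.sha256(token.encode()).digest()
        return token
    def reset(self, user, token, new_pw):
        want = self.resets.pop(user, None)  # single use, even on failure
        got = hashlib.sha256(token.encode()).digest()
        if want is None or not hmac.compare_digest(want, got):
            return False
        self.register(user, new_pw)
        return True
```

With the first store, the password the user chose no longer logs in and many distinct passwords collapse to the same stored value; with the second, there is nothing readable to email and the exact original password is the only one that verifies.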
1/3..@mart_brooks
Hello Martin, I believe that you have spoken to a team member today and we really appreciate the feedback which you…
2/3…@mart_brooks have provided and the fact that you have taken your time to highlight some genuine concerns. We would like to assure…
3/3…@mart_brooks you that we are continuously working on improving access and ensuring the best customer experience possible. -Taran
RT @mart_brooks: New writing: Cooperative Energy and password security – http://t.co/BB6v94Oqob
@CoopEnergy @mart_brooks thanks to Martin for flagging that up – I’d noticed it too and just rolled my eyes. Hope CE fix proactively.
“@mart_brooks: New writing: Cooperative Energy and password security – http://t.co/tgW3t7scKS” #passwordmuppetry
I know what you mean. I use Co-operative energy and Telephone. They seem nice people and the prices are fair if not always the absolute cheapest. However sloppy password management is the norm not the exception so I don’t expect them to be any better than anyone else.
Only when a few big firms have had serious fines from losing all their customer data will companies take it seriously.
I hadn’t tried to log in to Coop Energy between bill payments but I just ran into the SAME PROBLEM still happening 3 months later. I finally tried a different link to the Coop Login page and there is now a message in red admitting there are “issues”. Try again in 24 hours (do they mean months?)