
studog

join:2013-01-28

[Outages] I can't login to my Teksavvy account via any means

I haven't changed my password.

I've been on hold for 50 minutes.

Is anyone home at Teksavvy?



TSI Ashleigh
Premium
join:2013-02-24
Chatham, ON
kudos:3

Hello,

Thank you for the message. Please message us in the Direct Forum »TekSavvy Direct with your account information so we can assist you with this request.

Thank you
TSI-Ashleigh
--
TSI Ashleigh - E-Services.
Authorized TekSavvy Employee


studog

join:2013-01-28
reply to studog

Arg, accidentally closed the window and lost a longer post. Here are the facts:
- phone can sync email (login) for many months
- phone syncs email every 15 minutes non-peak, and every 5 minutes peak (8:00a - 5:00p)
- 9:30a is my last interaction with my phone before the problem starts
- 10:20a is the last time my phone synced email
- I noticed the failure to login alert at 10:35a
- the password actively in place on my account when Tech Support answered (50 minutes hold time) was a temporary password I've used only with TekSavvy in the past

One of two things is true:
A) My phone spontaneously forgot the password, and, I also forgot that I'd left a temporary password in place; leaving both phone and webmail logins failing.
B) TekSavvy's system reverted my account to a previous password, for reasons unknown, mechanisms unknown.

I'm guessing it's B, but I'm biased.

Anyway, situation resolved, and given the unique nature of the temporary password I'm pretty sure my account wasn't compromised, which is what I thought was going on.



TSI Ashleigh
Premium
join:2013-02-24
Chatham, ON
kudos:3
reply to studog

Hello Studog,

Thank you for the prompt response. To confirm, are you still having an issue or is this resolved now?

Thank you
TSI-Ashleigh
--
TSI Ashleigh - E-Services.
Authorized TekSavvy Employee


studog

join:2013-01-28
reply to studog

"Anyway, situation resolved,"


studog

join:2013-01-28
reply to studog

I should mention though:
The reason I possibly might have left a temporary password in place is because TekSavvy doesn't have a way for users to change their own password and have it remain unknown to TekSavvy staff.
However, I might not have left the temporary password in place because I recall the phone support person saying at the time that a strong password change & storage feature wasn't on the schedule to be fixed. I can't recall what decision I made.

That said: storing users' passwords in plaintext is a massive security problem waiting to happen. And if passwords are stored encrypted, they're effectively stored in plaintext because phone support can see the password in plaintext: the decrypting app is available. Whatever is accessible to TekSavvy staff is accessible to intruders.

Proper security is to have the user be able to change their own password; passwords are stored encrypted.
Flowing from that is the consequence that passwords can only ever be reset to something else after authentication, they can never be retrieved.
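
Added example, not part of the original post and not TekSavvy's code: a sketch of the reset-only scheme described above, read here as a salted one-way hash (scrypt from Python's standard library) rather than reversible encryption. `AccountStore`, its methods and the sample values are hypothetical names constructed for illustration.

```python
import hashlib
import hmac
import os

# scrypt cost parameters (constructed for this example; tune for your hardware)
N, R, P = 2**14, 8, 1


def _scrypt(password: str, salt: bytes) -> bytes:
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, n=N, r=R, p=P, dklen=32)


def hash_password(password: str) -> dict:
    """Build the stored record: a per-user random salt plus a one-way digest."""
    salt = os.urandom(16)
    return {"salt": salt.hex(), "hash": _scrypt(password, salt).hex()}


def verify_password(record: dict, candidate: str) -> bool:
    """Recompute the digest from the candidate and compare in constant time."""
    digest = _scrypt(candidate, bytes.fromhex(record["salt"]))
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


class AccountStore:
    """Hypothetical account database that never holds a retrievable password."""

    def __init__(self):
        self._records = {}

    def set_password(self, user: str, new_password: str) -> None:
        self._records[user] = hash_password(new_password)

    def login(self, user: str, password: str) -> bool:
        record = self._records.get(user)
        return record is not None and verify_password(record, password)

    def change_password(self, user: str, current: str, new: str) -> bool:
        """User-driven change: allowed only after authenticating."""
        if not self.login(user, current):
            return False
        self.set_password(user, new)
        return True

    def support_view(self, user: str) -> dict:
        """Everything a staff tool, or an intruder with the same access, can read."""
        return dict(self._records[user])
```

With this layout a support tool can replace a record but has nothing to decrypt, which is the "reset, never retrieve" property the post asks for.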


TBBroadband

join:2012-10-26
Fremont, OH

If passwords are stored like that, one starts to wonder what else is. Sounds like it is time for a PCI compliance check.


BrianON

join:2011-09-30
Ottawa, ON
Reviews:
·TekSavvy Cable
reply to studog

It is a security weakness but storing passwords with reversible encryption in management systems is common. It is the easiest way to provide for a common password across multiple independent systems like email, PPPoE logins etc, including ones added or changed after a password was set.



fluffybunny

@teksavvy.com
reply to studog

Who cares? The passwords are only used for PPPoE logins. Put on a weak password and forget about it. What are they going to do... connect a modem and start using your TekSavvy account? They can't, because only 1 account is active at 1 time, and connecting physically to the network is a great way to get tracked. The only other issue is TekSavvy email, which you shouldn't be using anyway for obvious reasons... never use any ISP email.


studog

join:2013-01-28

said by fluffybunny :

TekSavvy email, which you shouldn't be using anyway for obvious reasons... never use any ISP email.

I am curious why you shouldn't use isp email?


fluffybunny

@teksavvy.com

1. ISP email is not portable. Decide to move your service? Hooped. Its primary function is to lock you in to the ISP.
2. ISP email is not their primary function and is therefore neglected. Unlike Gmail, which makes money from Gmail users, ISP email is a net loss.
3. Gmail and other email services have dedicated resources to fix email problems. The ISP email team is 2-3 sysadmins, part time if that. Someone going to chase down the spammer who black-holed your email addy on an RBL by spoofing? That's what you need Gmail for.
4. Domains cost $10. Having your custom permanent email looks professional. Get a domain, then Google Apps or other free equivalents to handle mail for you.
5. ISP email servers often lose data and they aren't backed up. Changing your plan? There goes your email. Search here for more horror stories, including loss of data with no backups when users changed their plans.


studog

join:2013-01-28

Well, I'm impressed. That was a far better reply than I was expecting.
1. Agreed. If you care about portability, then this is really the only issue on your list that I agree with. I recently switched to TekSavvy from someone else, and had to update my ISP email address at a number of places. OTOH, this is only the second switch in a decade or more, so it doesn't bother me.
2. I suppose? I can't recall a time I ever had trouble with my ISP's email. But that's anecdotal.
3. I have had trouble with gmail's various services, and I got exactly the customer service one would expect for a $0 product: nothing. That's frustrating.
I'm not aware of any RBLs that are email-based, as it's (as you point out) very easy to spoof email addresses.
4. A domain is a house, you still have to put email in it. I don't want to bother with running my own MX and I won't use gmail for certain kinds of email**.
5. I still have all my email; I never leave it on the server. So the main effect from my recent switch is that I can't directly reply from my old email: I have to reply, then switch the account to send from to my current address. But I use a client that supports that sort of thing. Not sure how common that is.

**Using gmail, your email is Google's input, and I value my privacy. Also, and I know this is my laziness, I don't bother to download my email from gmail. So the day when Google has some sort of problem, that email is toast.
I should say more specifically, I value my privacy from the US government.
