by kdot 4856 days ago
You don't understand the process... The billing system password is a simple phrase to make certain changes to your Verizon account. It is designed to be shared with people authorized to make changes to the account (i.e. your kids, wife). If you speak with a call center employee, they will ask you for the same password.

Calm Down.

4 comments

The fact that he had successfully logged in should have been good enough for that purpose.

At most, a paranoid system might be designed to require a second login before a sensitive change, on the theory that a screen might have gone unattended. The outcome of that second logon (success or failure) is all that should be shown to a service rep. The system should immediately destroy the password after hashing it for comparison to the value stored in the database. This technique is decades old.

However, I know of vendors who do store raw passwords. This is because I have been asked to change passwords of long standing that do not stand up to silly new rules about variety of character classes, etc. If they were one-way hashing, they could not have known my old password didn't pass muster.

Yes but just being logged in isn't evidence enough.

Someone might have lifted his account password and logged into the website with it impersonating him on the chat, and so it only makes sense to then confirm identity by challenging for that password over the same chat where he is being impersonated... hey wait a second!

He wasn't logged in; if he was logged into the account he could have done what he wanted, no problems. The reps don't have your web password. Your chat/call-in password is different; it's analogous to asking for your SSN to do an account change.
I'm glad I'm not the only one that thought he was being a bit hysterical.

I'm not entirely convinced that this customer service agent could see his password. She said she had to enter it in to verify it. She may have been confused about his questions, or just flustered by his attitude.

Yes--the Verizon billing system password is a 5-digit number (not an actual online account password). It's not the same as the password for the portal and I'm not sure why someone would use that as their banking password. I'm assuming he's confusing "Billing System Password" with "Website account Password."

He is right that it's not secure at all; I forget the sequence of numbers I use every other time I've called them, and they've always let me have a few tries at it...

Calm down nothing. He is correct in his complaint.
In his complaint that it's not secure, he's totally correct - but the account she had in plaintext in front of her is not the same as his online (and bank? Yegads...) account password.

However, the insecurity of the Billing Code is actually worse than his website account password, as anyone could call up, figure out the 5-digit code (they've given me hints before), and change his service, request billing info mailed, etc. And good luck getting any service changed with the (more secure? Who knows...) site account password (although you do have access to billing records, which could be more valuable).