Training Customers To Be Stupid


Companies face a complicated choice. Make things easy for the customers, or make things secure for them.

Convenience seems to take priority most of the time. This forces companies to get their customers to risk their own security.

In this example, we see Verizon Wireless asking their customers to type their passwords into Twitter for everyone to see!

Verizon asking for customer's passwords

This is dangerous. It is likely that many of their customers recycle their passwords. Does the average customer know that their "billing" password is different from their account password?

Is it safe for people to post their phone numbers in public like that?

All a scammer has to do is ring the number, say "Hello Mrs Example, I'm calling from Verizon about your billing problem - let me take you through security..."

Some companies ask for the information via Direct Message. This is also problematic.

A train company asking for a password to be sent via DM
Ryanair asking for a password
Verizon asking for a DM'd password

This trains customers to input their password into a 3rd party site. That's a security risk - the password is now shared with Twitter.

If the company's Twitter account is ever broken into, all those passwords are available in the DM history.

There is also the risk that users will accidentally paste their details for the world to see.

I know what you're thinking - surely no one is actually dumb enough to type their password into Twitter?

Verizon phishing their own customers

*sigh*

But what else do we expect? Customers are trained to phish themselves in the name of convenience.

These basic security security practices should be obvious - but they clearly aren't. Companies which ask you to breach your own security are dangerous and should be avoided.

2 thoughts on “Training Customers To Be Stupid

  1. doesn't change the stupidity involved but the billing pw for vzw is something different from the account login pw- it's more of a verification pin. but of course most idiot customers think they mean account pw.

    1. I wonder why they don't say "Billing PIN"?
      Of course, that might get people sending them credit card PINs…

Leave a Reply

Your email address will not be published. Required fields are marked *