Monday, July 23, 2007

Your password: not a secret to Sprint customer service

If you want to change your password at the Sprint Wireless site, you're informed of the following password stipulations:

  • Must be 6 to 8 letters or numbers (A-Z and 0-9)
  • Cannot include more than 3 repetitive digits (e.g. 111)
  • Cannot be all or part of your social security number or Sprint PCS phone number
  • Should not be something easy to guess, such as your birthdate.
Such extensive precautions should be reassuring. But when you call Sprint to resolve a billing issue, as I did recently (they have not yet received the check I sent two weeks ago), you are asked to give your password for verification purposes.

And all those privacy precautions go out the window.

When I called earlier today and the representative asked for my password, I said I'm uncomfortable giving that information and asked if there is another way to confirm my identity. She responded: "I'm looking at it anyway, so you might as well just tell me."

Do you know of any other companies that routinely ask for your password? I don't. When I worked for Amazon.com customer service back in 1999-2000, we simply did not have access to customers' passwords. Sometimes customers would call and ask us to tell them their password, and the best we could do was reset their password -- because we didn't have access to this information. And that's the way it should be.

I'm beginning to understand why Sprint received the dubious honor of last place in call center satisfaction. Add to this the recent fallout from their mass dumping of customers, and it's clear that Sprint has a rather serious PR situation to attend to.

Tags:

6 comments:

Jeremy said...

That sounds really backwards. The only place that has access to anything of mine is my University in regards to my email account there.

Than again, they don't actually have my password, they just have a code to over ride it. I would consider filing a formal complaint with Sprint.

It may even be grounds for notifying the Better Business Bureau. It can't be safe handing over a password to an angry, under paid employee. All it takes is one bad apple.

I'm so glad I no longer have sprint.

Jonathan said...

Yes, I agree. No company should allow widespread employee access to its customers' passwords. I'll follow up with them on this, for sure.

Dave Licence said...

Most companies would have a 'secret word' or use random characters of your password to verify you - the staff should have no access your password ever. Sprint sound really behind the times on this one.

Jonathan said...

Indeed, Dave. I'm not sure what they're thinking.

Anonymous said...

I have never had Sprint ask for my online password; they do however, ask for a password/passphrase when I call in which is entirely different than the password I use for account online account maintenence. You can change your online account password any time you like. (Which I would recommend if you used the same password for your online account access as you do you authorized account holder passphrase.)

Anonymous said...

Even worse, I just visited a Sprint retail store a few days ago to make changes to my account. I stood so I could see the agent's screen. My full social security number was displayed IN FULL VIEW. I was shocked. There were other screens where it showed only the last 4 digits, but this screen showed the whole number.