http://emergentchaos.com/archives/2006/03/sprint-security.html The Emergent Chaos Jazz Combo Wed, 01 Feb 2012 19:20:40 +0000 hourly 1 http://wordpress.org/?v=3.3.1 http://emergentchaos.com/archives/2006/03/sprint-security.html/comment-page-1#comment-2012 Tim Thu, 23 Mar 2006 13:54:05 +0000 http://emergentchaos.com/?p=1593#comment-2012 Your SSL link is broken. Your SSL link is broken.

]]> http://emergentchaos.com/archives/2006/03/sprint-security.html/comment-page-1#comment-2011 Adam Wed, 22 Mar 2006 18:49:54 +0000 http://emergentchaos.com/?p=1593#comment-2011 Hey, at least T-Mobile only defaults to not requiring a PIN. I can't figure out how to get Cingular to let me add one to my account. Now y'all stop listening to my voice mail, or I'll say stop again! Hey, at least T-Mobile only defaults to not requiring a PIN. I can’t figure out how to get Cingular to let me add one to my account. Now y’all stop listening to my voice mail, or I’ll say stop again!

]]> http://emergentchaos.com/archives/2006/03/sprint-security.html/comment-page-1#comment-2010 David Brodbeck Wed, 22 Mar 2006 14:23:47 +0000 http://emergentchaos.com/?p=1593#comment-2010 Sprint uses the last four digits of your SSN as a default password, too. I think the real problem with SSNs isn't so much that they're used for identification -- that was inevitable. The problem comes when they're used for *authentication* -- as a secret code to prove you're you. These are incompatible uses, and the authentication function is the more dangerous of the two. Yet Sprint and dozens of other companies still use them this way. I will say this for Sprint -- they default to requiring a PIN to access voice mail, even when you call from your own phone. When I was with T-Mobile, they defaulted to not requiring it, which became a bad idea when caller ID became easier to spoof. Sprint uses the last four digits of your SSN as a default password, too.
I think the real problem with SSNs isn’t so much that they’re used for identification — that was inevitable. The problem comes when they’re used for *authentication* — as a secret code to prove you’re you. These are incompatible uses, and the authentication function is the more dangerous of the two. Yet Sprint and dozens of other companies still use them this way.
I will say this for Sprint — they default to requiring a PIN to access voice mail, even when you call from your own phone. When I was with T-Mobile, they defaulted to not requiring it, which became a bad idea when caller ID became easier to spoof.

]]> http://emergentchaos.com/archives/2006/03/sprint-security.html/comment-page-1#comment-2009 Roy Tue, 21 Mar 2006 22:06:18 +0000 http://emergentchaos.com/?p=1593#comment-2009 Sprint hasn't changed at all. Back in about 1993, I traded changing my long distance provider (on the modem line, where I never made outgoing calls... heh, heh) for a fax modem (worth about $100 on the street at the time). The friendly Sprint rep asked if I wanted a calling card ("It's free!") and I said "sure." The card arrived, and it had my PIN not only printed, but <i>embossed</i> on it. I called immediately, and eventually was told that "most of our customers prefer it that way." The rep suggested (and I am <i>not</i> making this up) that I memorize the PIN and leave the card at home. I said that would make it tough to use the magstripe in card-accepting phones, and was told "most of those phone card readers don't work anyway." So I followed the instructions and left the card home. Three weeks later, my apartment was burglarized. The thief took my stereo, my CDs and... my Sprint calling card. Again I called Sprint, to have the card cancelled (and fortunately it hadn't been used yet). I told this representative what the previous one had suggested. The rep failed to appreciate the irony. Sprint hasn’t changed at all. Back in about 1993, I traded changing my long distance provider (on the modem line, where I never made outgoing calls… heh, heh) for a fax modem (worth about $100 on the street at the time). The friendly Sprint rep asked if I wanted a calling card (“It’s free!”) and I said “sure.” The card arrived, and it had my PIN not only printed, but embossed on it.
I called immediately, and eventually was told that “most of our customers prefer it that way.” The rep suggested (and I am not making this up) that I memorize the PIN and leave the card at home. I said that would make it tough to use the magstripe in card-accepting phones, and was told “most of those phone card readers don’t work anyway.”
So I followed the instructions and left the card home. Three weeks later, my apartment was burglarized. The thief took my stereo, my CDs and… my Sprint calling card.
Again I called Sprint, to have the card cancelled (and fortunately it hadn’t been used yet). I told this representative what the previous one had suggested. The rep failed to appreciate the irony.

]]>