I’m currently engaged in a bit of a strange dispute with talkmobile. They’re over-charging me, but for some reason I can’t log in to my account. No problem – they have on-line chat with customer services – how hard can it be to sort out?
Well, it’s proving impossible. They can’t even look at my broken account because I don’t know my date-of-birth. I don’t know my date-of-birth because, for obvious reasons, I don’t give the correct one out willy nilly to any company that asks for it – only government agencies and my bank. It’s easy enough to find someone’s DOB and it should never be used as a password.
So, there are a number of other dates I use for non-critical purposes. We’ve been through these; it wasn’t one of them.
Stop press – one of the more obscure ones worked. and I’m back in, thanks to the persistence of their help team.
But this is hardly the point; no one should use a piece of information that’s a matter of public record (i.e. on a birth certificate) as proof if identity. Birthdays are commonly found on social networking sites, your employers’ records and quite likely around the office. It’s mad to use it as a password.
So how did this come about? Well, until it’s purchase by Vodafone in 2015, TalkMobile was a virtual network run by Carphone Warehouse; the same group that that owned TalkTalk (see security blogs passim). TalkTalk was split off in 2010, but their culture of security has been questioned in the past; unfairly in my view as they’re no worse than most. What was lacking from inception was any common sense approach to security issues.
Unfortunately, you can no longer visit one of the remaining Carphone Warehouse shops to get these things sorted, which means if you’re locked out of your account there appears to be no way back in. I did threaten to cancel their direct debit rights with my bank; I bet they’d recognise me then!
To add insult to injury, TalkMobile’s representative tried to blame this policy on “The Data Protection Act”. It makes a change from blaming it on migrants, I suppose.