House Price Crash Forum

Archived

This topic is now archived and is closed to further replies.

Bruce Banner

Tesco Clubcard Password


Just tried to open a clubcard account for my wife.

The password requirements are just daft, so I gave up in disgust.....

"Your password needs to be a minimum of 8 characters and contain three of the following - an uppercase, a lowercase, a number, a special character (e.g. !, ?, £, $, #)"

Why can't these IT people let you choose a simple password that you can remember? My wife will have to do it herself and no doubt she will write the password on the back of the card.


You haven't reached the stage when you have to log back in then?

Once you've remembered your password you then have to insert e.g. the twelfth, fourteenth and sixteenth number on your clubcard.

I've had to reset my password twice in a week because I can't remember the password. Somebody still managed to nick £120 worth of my vouchers last year and spend them in Essex. It took me 6 months to get them put back on.


I used to work in a place that had to go through this whole password thing to conform to some regulatory conditions. This had to be done for customer and admin accounts.

The ironic thing was that they jumped through hoops to get it all done but deep in the system there was a network admin password that was six characters in length and had never been changed since the day it was created. I think that so many systems used it to connect in/out that changing it would have been a scary task, so they never.


North Koreans spend your vouchers in Tesco. NorthKorean IS a jumble of all those characters.


You haven't reached the stage when you have to log back in then?

Once you've remembered your password you then have to insert e.g. the twelfth, fourteenth and sixteenth number on your clubcard.

I've had to reset my password twice in a week because I can't remember the password. Somebody still managed to nick £120 worth of my vouchers last year and spend them in Essex. It took me 6 months to get them put back on.

No, I didn't get that far. I could tell from the start that it was going to be one of those websites that fights you to the bitter end.

She's never registered for a clubcard account and has used the card for years without ever needing an online account. All she wants to do is to tell them our new address, what a palaver :(.


I went to buy an item from John Lewis online. Of course, I couldn't remember the password I'd previously used, so asked for another, and got a new log-in form with the usual upper, lower, minimum length etc., which I would forget again. So instead, I tried to use the "guest" purchase.

It demanded my MOBILE phone number, and would not accept a landline number. I give my mobile number to NO-ONE, it's a clean PAYG and I intend to keep it that way.

Two abandoned carts and in the end I gave up and bought the product elsewhere.

Oh, and PayPal, you're NOT having direct access to my bank account when I only purchase stuff.


My Sky account password was 'sky is shit' or something like that. I had assumed they'd ask for letters 2, 3 and 4 rather than the whole thing, but it was fun speaking to people about cancelling my account and being asked for my password.


I used to work in a place that had to go through this whole password thing to conform to some regulatory conditions. This had to be done for customer and admin accounts.

The ironic thing was that they jumped through hoops to get it all done but deep in the system there was a network admin password that was six characters in length and had never been changed since the day it was created. I think that so many systems used it to connect in/out that changing it would have been a scary task, so they never.

Surprisingly common I am afraid.

Companies love to b*gger end users and customers about with endless security restrictions and controls at the individual account level while leaving yawning holes at server, domain and network level.


According to a book about the early days of Facebook, there was a master password that Zuckerberg casually shared with his staff for laughs, that allowed full access to any account.

There probably still is.


And remember, the MS SQL Server 2000 default administrator credentials were user=sa;password=;

Best bit being that the account not only ran with system administrator access to the databases on the server but also inherited by default the Windows privileges of the account that SQL Server 2000 ran under. This was often set at local admin level and occasionally some idiots even used domain level admin accounts. In the latter case a simple xp_cmdshell out of SQL Server would render an entire company's IT systems vulnerable to exploitation. It was a truly magic piece of design by Microsoft.


Just tried to open a clubcard account for my wife.

The password requirements are just daft, so I gave up in disgust.....

"Your password needs to be a minimum of 8 characters and contain three of the following - an uppercase, a lowercase, a number, a special character (e.g. !, ?, £, $, #)"

Why can't these IT people let you choose a simple password that you can remember? My wife will have to do it herself and no doubt she will write the password on the back of the card.

I thought I'd go paperless with NS&I (for Ernie bonds) but the password requirements were similar and I just couldn't be bothered. Effing passwords are the bane of my life. Postman can go on bringing any winnings. £75 in December but that was by far the most I've won in ages.


I thought I'd go paperless with NS&I (for Ernie bonds) but the password requirements were similar and I just couldn't be bothered. Effing passwords are the bane of my life. Postman can go on bringing any winnings. £75 in December but that was by far the most I've won in ages.

The simple reason is that long passwords with unusual characters are much harder to break by brute force or dictionary attack.

I am all for computer security when the data being protected is valuable, such as a savings account, but then in those cases simple user name and password protection is not really enough and the system providers should be investing in 2 factor authentication.

It becomes much more of a pain when applied to something such as completing a workstation health and safety assessment such as I had to do recently.

Security should match the risk but from my experience it is often overloaded on protecting trivial things and then skimped on things that are really significant.

There are computer based password managers out there that you can use but they in turn can become a single point of failure.

It is not a straightforward subject because no matter how careful you are you can never know for certain how lax are the security processes of organisations you supply with information.


I went to buy an item from John Lewis online. Of course, I couldn't remember the password I'd previously used, so asked for another, and got a new log-in form with the usual upper, lower, minimum length etc., which I would forget again. So instead, I tried to use the "guest" purchase.

It demanded my MOBILE phone number, and would not accept a landline number. I give my mobile number to NO-ONE, it's a clean PAYG and I intend to keep it that way.

Two abandoned carts and in the end I gave up and bought the product elsewhere.

Oh, and PayPal, you're NOT having direct access to my bank account when I only purchase stuff.

Why didn't you just make one up? Any website that demands a phone number, I make one up.


The simple reason is that long passwords with unusual characters are much harder to break by brute force or dictionary attack.

We get that but the point is it's access to a club card not Fort Knox.

The more difficult the requirements the more difficult it is to crack, but it also means it's less likely to be remembered and therefore written down, rendering it far more insecure than if it had been a dog's name with 1972 on the end.

As previously mentioned it's more than likely a certification requirement, pretty sure some of the ISO standards require that level of password for a certification pass.

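Added example, not part of any post and not Tesco's code: the composition rule quoted at the top of the thread written as a checker, with rough search-space estimates for the password shapes argued over in the two posts above. The sample passwords, the symbol set and the pet-name and year counts are constructed assumptions.

```python
import math
import string

# Assumption: "special character" means ASCII punctuation plus the pound sign.
SPECIALS = set(string.punctuation) | {"£"}
CLASS_SIZE = {"upper": 26, "lower": 26, "digit": 10, "special": len(SPECIALS)}


def classes_used(pw):
    """Character classes from the quoted rule that appear in pw."""
    found = set()
    for ch in pw:
        if ch in string.ascii_uppercase:
            found.add("upper")
        elif ch in string.ascii_lowercase:
            found.add("lower")
        elif ch in string.digits:
            found.add("digit")
        elif ch in SPECIALS:
            found.add("special")
    return found


def meets_quoted_rule(pw):
    """Minimum 8 characters and at least three of the four classes."""
    return len(pw) >= 8 and len(classes_used(pw)) >= 3


def brute_force_bits(pw):
    """log2 of an exhaustive search over the classes pw uses (an upper bound)."""
    alphabet = sum(CLASS_SIZE[c] for c in classes_used(pw))
    return len(pw) * math.log2(alphabet) if alphabet else 0.0


def pattern_bits(words, suffixes, variants=1):
    """log2 of the guesses needed when the shape word+suffix is known."""
    return math.log2(words * suffixes * variants)


# Constructed sample passwords, not taken from any real account.
SAMPLES = ["Rover1972", "rover1972", "Password1", "purplekettleriveranchor"]

if __name__ == "__main__":
    for pw in SAMPLES:
        print(f"{pw:26} passes={meets_quoted_rule(pw)!s:5} "
              f"brute-force~{brute_force_bits(pw):5.1f} bits")
    # Assumed sizes: 10,000 pet names, 100 plausible years, 2 capitalisations.
    print(f"pet name + year, pattern known ~{pattern_bits(10_000, 100, 2):.1f} bits")
```

A capitalised pet name plus a year satisfies the quoted rule while a 23-letter lowercase phrase is rejected, and the pattern-aware estimate sits far below the brute-force figure for the same password.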

We get that but the point is it's access to a club card not Fort Knox.

The more difficult the requirements the more difficult it is to crack, but it also means it's less likely to be remembered and therefore written down, rendering it far more insecure than if it had been a dog's name with 1972 on the end.

As previously mentioned it's more than likely a certification requirement, pretty sure some of the ISO standards require that level of password for a certification pass.

Surely ISO standards are only what the company puts in its QA manual, although many companies manage to tie themselves in knots with overcomplicated QA manuals. My ISO 9001 QA manual was on one sheet of A4 :D.

By the way, my wife phoned Tesco this morning and they took the new address over the phone.


Surely ISO standards are only what the company puts in its QA manual, although many companies manage to tie themselves in knots with overcomplicated QA manuals. My ISO 9001 QA manual was on one sheet of A4 :D.

By the way, my wife phoned Tesco this morning and they took the new address over the phone.

No, there are ISO standards for everything. Having just looked it up, it seems ISO 27001 is the one that deals with information security. The last place I worked required each employee to pass a test based on the procedures and there was tons of stuff about password strength and IT based security systems. If you failed the test you wouldn't pass your probation period.

Having said that, it may well not extend to Tesco having to put such things in place at the customer end, but it does mean that they can tick a box and answer in a positive manner when asked if they take customers' data seriously.


Just tried to buy some theatre tickets, but because I have bought from them before, I am a "returning customer". The only snag is, I didn't register an account with them for that first purchase, i.e. I used some sort of guest checkout. The site now recognises me as a returning customer, and then insists I open an account (what for, do I get credit?)

OK, email addy, new password (groan) and the answer to:

Q1 Your pet's name (I don't have one)

Q2 Your favourite colour (I don't have one)

Q3 Your PIN (WTF!?)

Anyways, no matter what I filled in, it came back with "the answer to the question could not be verified".

Did the deed by phone in the end, so much easier.
