House Price Crash Forum

Tesco Clubcard Password


Bruce Banner


Just tried to open a clubcard account for my wife.

The password requirements are just daft, so I gave up in disgust.....

"Your password needs to be a minimum of 8 characters and contain three of the following - an uppercase, a lowercase, a number, a special character (e.g. !, ?, £, $, #)"

Why can't these IT people let you choose a simple password that you can remember? My wife will have to do it herself and no doubt she will write the password on the back of the card.


You haven't reached the stage when you have to log back in then?

Once you've remembered your password you then have to insert e.g. the twelfth, fourteenth and sixteenth number on your clubcard.

I've had to reset my password twice in a week because I can't remember the password. Somebody still managed to nick £120 worth of my vouchers last year and spend them in Essex. It took me 6 months to get them put back on.


I used to work in a place that had to go through this whole password thing to conform to some regulatory conditions. This had to be done for customer and admin accounts.

The ironic thing was that they jumped through hoops to get it all done but deep in the system there was a network admin password that was six characters in length and had never been changed since the day it was created. I think that so many systems used it to connect in/out that changing it would have been a scary task, so they never.


You haven't reached the stage when you have to log back in then?

Once you've remembered your password you then have to insert e.g. the twelfth, fourteenth and sixteenth number on your clubcard.

I've had to reset my password twice in a week because I can't remember the password. Somebody still managed to nick £120 worth of my vouchers last year and spend them in Essex. It took me 6 months to get them put back on.

No, I didn't get that far. I could tell from the start that it was going to be one of those websites that fights you to the bitter end.

She's never registered for a clubcard account and has used the card for years without ever needing an online account. All she wants to do is to tell them our new address, what a palaver :(.


I went to buy an item from John Lewis online. Of course, I couldn't remember the password I'd previously used, so asked for another, and got a new log-in form with the usual upper, lower, minimum length etc., which I would forget again. So instead, I tried to use the "guest" purchase.

It demanded my MOBILE phone number, and would not accept a landline number. I give my mobile number to NO-ONE, it's a clean PAYG and I intend to keep it that way.

Two abandoned carts and in the end I gave up and bought the product elsewhere.

Oh, and PayPal, you're NOT having direct access to my bank account when I only purchase stuff.


I used to work in a place that had to go through this whole password thing to conform to some regulatory conditions. This had to be done for customer and admin accounts.

The ironic thing was that they jumped through hoops to get it all done but deep in the system there was a network admin password that was six characters in length and had never been changed since the day it was created. I think that so many systems used it to connect in/out that changing it would have been a scary task, so they never.

Surprisingly common I am afraid.

Companies love to b*gger end users and customers about with endless security restrictions and controls at the individual account level while leaving yawning holes at server, domain and network level.


And remember, the MS SQL Server 2000 default administrator credentials were user=sa;password=;

Best bit being that the account not only ran with system administrator access to the databases on the server but also inherited by default the Windows privileges of the account that SQL Server 2000 ran under. This was often set at local admin level and occasionally some idiots even used domain level admin accounts. In the latter case a simple xp_cmdshell out of SQL Server would render an entire company's IT systems vulnerable to exploitation. It was a truly magic piece of design by Microsoft.


Just tried to open a clubcard account for my wife.

The password requirements are just daft, so I gave up in disgust.....

"Your password needs to be a minimum of 8 characters and contain three of the following - an uppercase, a lowercase, a number, a special character (e.g. !, ?, £, $, #)"

Why can't these IT people let you choose a simple password that you can remember? My wife will have to do it herself and no doubt she will write the password on the back of the card.

I thought I'd go paperless with NS and I (for Ernie bonds) but the password requirements were similar and I just couldn't be bothered. Effing passwords are the bane of my life. Postman can go on bringing any winnings. £75 in December but that was by far the most I've won in ages.


I thought I'd go paperless with NS and I (for Ernie bonds) but the password requirements were similar and I just couldn't be bothered. Effing passwords are the bane of my life. Postman can go on bringing any winnings. £75 in December but that was by far the most I've won in ages.

The simple reason is that long passwords with unusual characters are much harder to break by brute force or dictionary attack.

I am all for computer security when the data being protected is valuable such as a savings account but then in those cases simple user name and password protection is not really enough and the system providers should be investing in 2 factor authentication.

It becomes much more of a pain when applied to something such as completing a workstation health and safety assessment such as I had to do recently.

Security should match the risk but from my experience it is often overloaded on protecting trivial things and then skimped on things that are really significant.

There are computer based password managers out there that you can use but they in turn can become a single point of failure.

It is not a straightforward subject because no matter how careful you are you can never know for certain how lax are the security processes of organisations you supply with information.


I went to buy an item from John Lewis online. Of course, I couldn't remember the password I'd previously used, so asked for another, and got a new log-in form with the usual upper, lower, minimum length etc., which I would forget again. So instead, I tried to use the "guest" purchase.

It demanded my MOBILE phone number, and would not accept a landline number. I give my mobile number to NO-ONE, it's a clean PAYG and I intend to keep it that way.

Two abandoned carts and in the end I gave up and bought the product elsewhere.

Oh, and PayPal, you're NOT having direct access to my bank account when I only purchase stuff.

Why didn't you just make one up? Any website that demands a phone number, I make one up.


The simple reason is that long passwords with unusual characters are much harder to break by brute force or dictionary attack.

We get that but the point is it's access to a club card not Fort Knox.

The more difficult the requirements the more difficult it is to crack, but it also means it's less likely to be remembered and therefore written down rendering it far more insecure than if it had been a dog's name with 1972 on the end.

As previously mentioned it's more than likely a certification requirement, pretty sure some of the ISO standards require that level of password for a certification pass.
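An added example, not part of any post in this thread and not Tesco's code: it implements the rule quoted in the first post (8+ characters, three of four character classes) beside a length-plus-blocklist check of the kind NIST SP 800-63B recommends in place of composition rules. The word list, sample passwords and function names are constructed for illustration.

```python
import math
import string

# Constructed blocklist; a real one would be a large list of common and breached passwords.
COMMON = {"password", "rover", "tesco", "clubcard", "letmein"}
MIN_LEN = 8

def classes_used(pw):
    """Count the four classes named in the quoted rule."""
    return sum([
        any(c.isupper() for c in pw),
        any(c.islower() for c in pw),
        any(c.isdigit() for c in pw),
        any(not c.isalnum() and not c.isspace() for c in pw),  # "special"
    ])

def quoted_rule_ok(pw):
    """The rule as quoted in the thread: minimum 8 chars, three of four classes."""
    return len(pw) >= MIN_LEN and classes_used(pw) >= 3

def predictable(pw):
    """True if the password is a blocklisted word with digits/symbols tacked on."""
    core = pw.rstrip(string.digits + string.punctuation).lower()
    return core in COMMON

def length_first_ok(pw):
    """Alternative check: same minimum length, no class rule, blocklist instead."""
    return len(pw) >= MIN_LEN and not predictable(pw)

def brute_force_bits(pw):
    """Upper bound on the blind brute-force search space, in bits.
    Says nothing about dictionary attacks, which try names and years first."""
    alphabet = 0
    alphabet += 26 if any(c.islower() for c in pw) else 0
    alphabet += 26 if any(c.isupper() for c in pw) else 0
    alphabet += 10 if any(c.isdigit() for c in pw) else 0
    alphabet += 33 if any(not c.isalnum() for c in pw) else 0  # ASCII symbols + space
    return len(pw) * math.log2(alphabet)

if __name__ == "__main__":
    for pw in ["Rover1972", "Password1!", "quiet harbour window lamp"]:
        print(f"{pw!r:30} quoted={quoted_rule_ok(pw)!s:5} "
              f"length_first={length_first_ok(pw)!s:5} "
              f"bits<={brute_force_bits(pw):.0f}")
```

The dog's-name-plus-year style password passes the quoted rule once it has a capital letter, while a long lowercase passphrase is rejected by it.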


We get that but the point is it's access to a club card not Fort Knox.

The more difficult the requirements the more difficult it is to crack, but it also means it's less likely to be remembered and therefore written down rendering it far more insecure than if it had been a dog's name with 1972 on the end.

As previously mentioned it's more than likely a certification requirement, pretty sure some of the ISO standards require that level of password for a certification pass.

Surely ISO standards are only what the company puts in its QA manual, although many companies manage to tie themselves in knots with over complicated QA manuals. My ISO 9001 QA manual was on one sheet of A4 :D.

By the way, my wife phoned Tesco this morning and they took the new address over the phone.


Surely ISO standards are only what the company puts in its QA manual, although many companies manage to tie themselves in knots with over complicated QA manuals. My ISO 9001 QA manual was on one sheet of A4 :D.

By the way, my wife phoned Tesco this morning and they took the new address over the phone.

No, there are ISO standards for everything. Having just looked it up it seems ISO 27001 is the one that deals with information security, the last place I worked required each employee to pass a test based on the procedures and there was tons of stuff about password strength and IT based security systems. If you failed the test you wouldn't pass your probation period.

Having said that it may well not extend to Tesco having to put such things in place at the customer end, but it does mean that they can tick a box and answer in a positive manner when asked if they take customers data seriously.


Just tried to buy some theatre tickets, but because I have bought from them before, I am a "returning customer". The only snag is, I didn't register an account with them for that first purchase, i.e. I used some sort of guest checkout. The site now recognises me as a returning customer, and then insists I open an account (what for, do I get credit?)

OK, email addy, new password (groan) and the answer to:

Q1 Your pet's name (I don't have one)

Q2 Your favourite colour (I don't have one)

Q3 Your PIN (WTF!?)

Anyways, no matter what I filled in, it came back with "the answer to the question could not be verified".

Did the deed by phone in the end, so much easier.


Archived

This topic is now archived and is closed to further replies.
