I currently have several mobile phones through Sprint, and I’m generally happy with the service, but one thing irks me.
I’ve had to call their customer service several times recently (to change plans and the like). Every time, in a good-faith but ill-considered effort to protect my security, they ask me to verify my identity by providing the password to my online account. WTF?!
[On these calls I always refuse to divulge my password; the rep eventually backs off and allows the use of other information to confirm my identity…]
I am no security expert, but this seems like an absurdly inappropriate policy. For one thing, my account password would end up in the hands of a bunch of customer service reps, any one of whom could become disgruntled and do evil things (well, they could do damage regardless, but more readily with this information).
For another, it seems like a really bad policy to train your customers that disclosing their password to a stranger on the phone is ok. That is literally setting them up to later fall victim to some very simple social engineering. Any company interested in protecting their customers should do everything in its control to engender in them a “No I will not give you my password!” reaction.
It seems to me that no company should ever ask a customer for their password. And I don’t think I’ve ever had any company other than Sprint do this.
On my last call with Sprint, I got one of the customer rep supervisors on the phone. She didn’t really buy my complaints about this policy, but said she’d relay my concerns up her chain. Yeah, I bet that gets far…
Am I crazy to ask Sprint to change this policy?
