Telstra fails basic security checks

Telstra is exposing customers’ accounts to unauthorised access by failing to ask for passwords over the phone.

In most cases simply a date of birth and full name is required when customers call the telco. Telstra argues it isn’t legally required to check passwords, something which James Turner, a security industry analyst at IBRS, says defeats the purpose of allowing account passwords.

Read more: Telstra fails basic security checks

Story added 30. July 2012, content source with full text you can find at link above.