My O2 Password Change

on 25-05-2017 12:44
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Content
on 25-05-2017 12:44
There is a major bug with the password change service, and as "contactus" don't want to work at the moment either im posting it here.
Password complexity isn't working correctly, it is forcing me to have at least:
- 1 letter
- 1 number
- 1 special character
To start off with these enforced security checks are very restrictive. I never usually have a problem with at least
- 1 upper letter
- 1 lower letter
- 1 number
Now ok let's try a special as well. ' isn't counted as a special, neither is ! despite ! being on the list of special characters.
Please fix the password complexity rules. Instead of forcing us to have a very complex password that we are likely to forget, introduce 2 factor authentication - you have our mobile numbers anyway...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Content
on 25-05-2017 12:57
@MercedesS Another one for you I think
Please select the post that helped you best and mark as the solution. This helps other members in resolving their issues faster. Thank you.
- 1192 Posts
- 17 Topics
- 18 Solutions
25-05-2017 13:55 - edited 25-05-2017 14:05
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Content
25-05-2017 13:55 - edited 25-05-2017 14:05
Hello @Anonymous
We are sorry to hear about your problems when choosing a proper password but security is really important!
Just for testing, I have changed mine under My O2 website (are you using the app?) and seems to work for me even with special characters.
If it helps, The Open Web Application Security Project (OWASP) - a worldwide not-for-profit charitable organisation focused on improving the security of software- has a selection of punctuation characters that are present frequently used in passwords: Password special characters.
And thanks, we will pass your feedback on to the O2 Security team.
[Edited: more info about password security The Risk of Using Weak Passwords]
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Content
25-05-2017 18:22 - edited 25-05-2017 18:25
just tried it again, and it still doesn't work.
And thanks for extra info that i already know...im a software developer with a lot of security experience tyvm!!!
Edit:
its definitely a bug, if you try to change to a password with an apostrophe in it (') then the new password isn't accepted. An apostrophe is a special character...
- 1192 Posts
- 17 Topics
- 18 Solutions
02-06-2017 12:00 - edited 02-06-2017 13:00
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Content
02-06-2017 12:00 - edited 02-06-2017 13:00
Hello @Anonymous,
So you are right, when you change your password if you try to use an apostrophe (') - the new password won't be accepted. Only the punctuation on the list is allowed.
Sorry you're stuck with letters, numbers and ! ? + - * < > _
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Content
on 02-06-2017 18:32
Thanks for looking into this, through experimenting I have found that I don't actually need a special character after all, it's just as you said, only a few special characters are supported - the rest prevent the new password from being accepted 😞
- 1192 Posts
- 17 Topics
- 18 Solutions
on 05-06-2017 09:12
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Content
on 05-06-2017 09:12
Sorry @Anonymous and thanks!

