Re: My O2 Password Change

Anonymous · ‎25-05-2017

There is a major bug with the password change service, and as "contactus" don't want to work at the moment either im posting it here.

Password complexity isn't working correctly, it is forcing me to have at least:

1 letter
1 number
1 special character

To start off with these enforced security checks are very restrictive. I never usually have a problem with at least

1 upper letter
1 lower letter
1 number

Now ok let's try a special as well. ' isn't counted as a special, neither is ! despite ! being on the list of special characters.

Please fix the password complexity rules. Instead of forcing us to have a very complex password that we are likely to forget, introduce 2 factor authentication - you have our mobile numbers anyway...

MI5 · ‎25-05-2017

@MercedesS Another one for you I think

I have no affiliation whatsoever with O2 or any subsidiary companies. Comments posted are entirely of my own opinion. This is not Customer Service so we are unable to help with account specific issues.

Currently using:
Pixel 7a (O2 & Lyca), One Plus 6 (Sfr), iPhone 12 Pro Max (Vodafone)

MercedesS · ‎25-05-2017

Hello @Anonymous

We are sorry to hear about your problems when choosing a proper password but security is really important!

Just for testing, I have changed mine under My O2 website (are you using the app?) and seems to work for me even with special characters.

If it helps, The Open Web Application Security Project (OWASP) - a worldwide not-for-profit charitable organisation focused on improving the security of software- has a selection of punctuation characters that are present frequently used in passwords: Password special characters.

And thanks, we will pass your feedback on to the O2 Security team.

[Edited: more info about password security The Risk of Using Weak Passwords]

Get involved! If a post answers your question, please mark it as an "Accepted Solution”.If you are new to the community, please read How to use the community

Anonymous · ‎25-05-2017

just tried it again, and it still doesn't work.

And thanks for extra info that i already know...im a software developer with a lot of security experience tyvm!!!

Edit:

its definitely a bug, if you try to change to a password with an apostrophe in it (') then the new password isn't accepted. An apostrophe is a special character...

MercedesS · ‎02-06-2017

Hello @Anonymous,

So you are right, when you change your password if you try to use an apostrophe (') - the new password won't be accepted. Only the punctuation on the list is allowed.

Sorry you're stuck with letters, numbers and ! ? + - * < > _

Get involved! If a post answers your question, please mark it as an "Accepted Solution”.If you are new to the community, please read How to use the community

Anonymous · ‎02-06-2017

Thanks for looking into this, through experimenting I have found that I don't actually need a special character after all, it's just as you said, only a few special characters are supported - the rest prevent the new password from being accepted 😞

MercedesS · ‎05-06-2017

Sorry @Anonymous and thanks!

Get involved! If a post answers your question, please mark it as an "Accepted Solution”.If you are new to the community, please read How to use the community