T-Mobile Hotspot uses SSN for passphrase

http://catless.ncl.ac.uk/go/risks/22/72/7 [ http://accounts.hotspot.t-mobile.com/security.htm" - T-Mobile doesn't support WEP, and from the URL above, a small number of legacy sites don't encrypt your username and password. - WK] Conrad Heiney Thu, 8 May 2003 16:20:34 -0700 I just signed up for T-Mobile Wireless' "Hot Spot" service, which provides wireless Internet access via Starbucks Coffee, Borders Books, and many other semi-public places in the U.S. As a current T-Mobile telephone subscriber I was given a good deal. I was also given a user name and a passphrase, neither one of which can be changed. The user name is my telephone number and the pass phrase is the last four digits of my social security number. The obvious RISK of using the phone number and SSN in this manner is pretty awful (identity theft, etc.) but what's also quite funny is that those are the two things you need to identify yourself to T-Mobile for any other purpose, too. Try again, guys. Conrad Heiney conrad (@) fringehead.org http://fringehead.org

main page ATTRITION feedback