Finally they have changed the Forgotten Username Page and retreival method.
Click on this link to retreive your username/password https://giffgaff.com/support/lost-password
But there is a flaw, if you no longer have access to the email address or there was an error in the input of the email address it's still of no use.
The best option would be to enter your mobile phone number (for the account in question) and the details be sent to that.
makes perfect sense to me
good idea, but i can easily put someone else's number and get access to their account..
sub, if you put in the number associated to the account, unless you have the phone/SIM in question, how?
It might be that the phone is stolen and therefore there could be a security issue. I like the idea though.
If the phone is stolen, and you don't remember your username hmm your in trouble.
Their can be a option for this.
When you click the forgotton username and password. Then you type your mobile number and you click confirrm it will ask if you want it by email or text.
If the phone was stolen that would be a different scenario, but as said above you could request it by email.
But no security is solid, ever. It does require a certain degree of user responsibility.
In most cases, if a phone is stolen, the first thing the theif does is remove the SIM.
Although adding the fuction above but it make the forgotton user name and password more thorough because in future someone can say oh i don't know my email address and i want to use my mobile number but want it to recieve by email.
Other than that you idea is great
Well the way round you have it is to choose when asking requesting the details and that doesn't help with security (thief knows it's a giffgaff SIM and requests the details to be sent to the phone, so that thief now has access to the giffgaff account no problem). However it could be an option that the user chooses when setting up the account to have the details sent to email OR phone. Then they have no excuses that it's insecure because they have the option to choose the level of security themselves.
So given that caveat I will add kudos.
As I said, all security does require a certain degree of basic intelligence, I aggree a squirrel might be at risk.
You must be a registered user to add a comment here. If you've already registered, please log in. If you haven't registered yet, please register and log in.