We’ve often observed that Verizon, while offering terrific service and coverage overall, does things that suggest it thinks very little of its customers’ intelligence. Ars Technica has noticed that the carrier is once again behaving as though its own customers are just not all that bright.
Ars finds that Verizon has started asking its customers to send it their own billing passwords over Twitter’s direct messaging system, which blatantly contradicts the carrier’s own advice to users that they never give out these passwords to anyone. This is particularly bad, writes Ars, because Verizon isn’t actually explaining to customers that their billing password is different from the password that they use to log into their main accounts, which means that customers who decide to respond to Verizon’s request could end up sending two different passwords over Twitter DM.
Ars also points to some research from security expert Troy Hunt, who warned two years ago that sending passwords through Twitter DM is not the most secure way to help customer support access your information. And password security expert Jeremi Gosney bluntly tells Ars that “direct messages are not a form of secure communication.”
“Yes, Twitter DMs are sent over HTTPS, but Twitter does not employ end-to-end encryption, and there is no evidence that DMs are stored encrypted, so now your password is sitting in Twitter’s database in plain text,” Gosney explains. “DMs are also e-mailed to the recipient, and while Twitter recently rolled out STARTTLS support, it must be supported by both parties, and a lot of mail servers still don’t support it, so your password is likely e-mailed in plain text as well. It’s also sitting on the mail server in plain text.”
The bottom line seems to be that if Verizon asks you to DM your billing password over Twitter, politely refuse and say you want to handle matters over the phone instead.
Be sure to read Ars’ full report on why sending Verizon your billing password over Twitter is a bad idea by clicking the source link below.