I tried to access our Cisco support account today which is registered using my email address. I couldn’t remember my password so I did the “reset password dance”. That’s where things went wrong. I entered my email. This is where it all went wrong. Normally what happens here is that the system checks to see if the email is valid. If so, it’s either sent a new temporary password or a link to a one-time-only reset URL. There’s nothing insecure about that: the email is a valid user so what’s wrong with them knowing their own password?
This is where Suckso, sorry, Cisco disagrees. They sent me an email to tell me what my email address was. [sarcasm] MAGNIFICENT! [/sarcasm]. To reset my password they gave me a URL. I followed that.
It went on to ask me some security questions to which I had not set answers for. How could that be optional? Back to the email. I was told to email a certain address if I did not have the answers to the optional security questions.
I did and here was the response:
“Dear Cisco Customer,
For Security Reasons noone in CISCO has any Access to your Password or Security questions. If the online Password reset does not work for any reason including but not limited to forgotten answers to security questions you will unfortunately have to register a new account.
Kind regards,
Francis Veltman
Cisco Frontline
Working Hours:
mon-fri: 7am-4pm GMT”
What? I should contact them so they could tell me that they would not help me? Cisco … YOU SUCK!