Good Security or Bad Security

Verizon

Dear Valued Verizon Customer,

Customer security is a top priority for Verizon and we are currently in the process of reviewing administrative password security for the FiOS Broadband Home Routers that Verizon provides as a part of our FiOS services.

You are receiving this email because we identified that your FiOS Broadband Home Router has a “default” password (like “password1” or “admin1”). To improve the security of your Broadband Home Router, we have reset the router administrative password to match the serial number located on the router. The router username will remain the same.

Please note that there is no action required on your part: this security update will not impact use of your computer or your FiOS Internet service and will not change any of your personal network, web or email settings.

If you would like more information about this matter or instructions on how to locate the router’s serial number, please visit http://support.verizon.com/fiossecurerouter.

We value you as a customer and look forward to continuing to serve you.

Sincerely,

Verizon

Just got this email from Verizon. My first reaction was why were they updating MY password? My second reaction was, how forward thinking to proactively address security issues.

I’m leaning towards the latter. What’s your POV?

  • Nice move! Definitely forward thinking. I never would have thought of using the serial number as the password.

    • Yes. Forward thinking. Something just didn’t feel right about it, though. Was it because they updated what I thought was “my” router without asking me? Should they have notified me before they did it?

  • Hi Alan,

    I definitely believe that this was a great proactive move on Verizon’s part. When dealing with security issues, it’s better to act first to protect your customers.

    If they notified you before doing it, would you want them to wait for your reply? What if, you were on vacation? Or it was an account that you don’t read regularly?

    I would see a problem if they notified you of the change a week later (or worse, not at all!) But they seem to have sent the mail immediately. The whole process was probably automated.

    The best part was that they reset it to the serial number which means that you need physical access to it. So even if your email account was hijacked or mis-typed, you’re still safe.

    Verizon deserves kudos for this.

    Cheers
    Eric
    @ericjacques