Utility companies and passwords

Ever since I heard it was possible I’d been meaning to set up passwords with my utility companies so that they can verify their identity to me when they turn up at my door.  This week I tried it with my gas supplier.  They said they don’t do that, but don’t worry, it’s fine, I can just check their ID card and phone up to verify that the name on the ID card is one of their employees/contractors.

I’m a little surprised, to say the least.  Anyone can make an ID card with their photo on it, and if all someone needs to do to gain trust is find out the name of a single employee of a very large company something’s not right!

So I was thinking, what secret do I and the utility company share already?  How about my account number with them?  I never throw bills away so that seems reasonably secure, although I don’t know how securely they treat it themselves.

If that was alright to use as a password, wouldn’t they have suggested asking callers for that when I was on the phone to them trying to set up a password?  What am I missing?

Has anyone else tried setting up a password like that?


Posted

in

by

Comments

5 responses to “Utility companies and passwords”

  1. greg avatar
    greg

    while a kewl concept, I used to work for a utility and the first thing that pops into my head is churn.

    Technician positions aren’t always the most stable (although you do have your lifers), If they have to give the password to the tech, and the tech leaves [quit|fired], do they make you change the password? Do they tell you the tech quit?

    Now, thats not to say that techs are bad. In fact, most of the techs I worked with are great. Sometimes lazy, but usually always helpful at the end of the day. It just seems to me that a password isn’t going to necessarily provide the long term solution for the concern you are trying to resolve.

    I can think of a few things that would be nice, but none seem very easy/convenient at this point.

    The most useful one I can think of is to allow you to enter an employee id # into their website and see a copy of that employee ID they just presented to you. Possibility of that being fraudulent is much lower, and if someone goes through that trouble to get at you/your things, you’ve got bigger problems.

  2. tim avatar

    Ah, it needs a “liveness” test. 🙂

    Perhaps they’d also need to supply the closing balance from my last bill or something. The trouble I can see with that is “that’s a different department”.

  3. Stephen Smoogen avatar
    Stephen Smoogen

    Actually it needs a third party verification issue. You don’t trust the plumber, and the plumber should not trust you (its nearly as likely you killed the owner and sitting in the house for your next victim as it is that the plumber is a fake.) You both need to have a trusted third party to confirm the others identity.

    The problem is that a third party to build enough trust mechanisms becomes a defacto government in that it has personal data AND controls trust between others.

  4. anon avatar
    anon

    > and phone up to verify

    And where will you get the number from? The ID card?

    Or perhaps you will ask them to wait while you look up the number from the phone book, then get put in a queue before being transferred from department to department.

  5. tim avatar

    Presumably from the ID card, yes, although I asked them for the correct number while I was on the phone to them.