h2g2 The Hitchhiker's Guide to the Galaxy: Earth Edition

It *is* something that was raised as an issue in testing when the accounts first switched to this new system - because of the initial nickname being the login name and thus visible - negating half of the security. But that simply shouldn't happen by accident with your cookie method of entry unless there are serious issues with the cookies, ie one can easily change into another. Even then the security question apparent free pass shouldn't have been possible.

Since you don't seem to have gotten a response on this thread, you could try h2g2supportATbbcDOTcoDOTuk.

Ooh, the IT stories I could tell...

We don't understand why this has happened, but have passed it onto the relevant technical teams. Thanks for letting us know about it.

Hi. This isn't really user 758965 - It's Jim Lynn. I'm just posting to confirm that we're able to reproduce this bug, and to say that it appears to affect only this one account. I'm passing all the details over to the SSO team so they can investigate further and hopefully fix the problem. From what little I know about the details involved, I'm reasonably confident that this bug can't allow any other accounts to be taken over, but it does mean that there's a path the user can take which would mean that whoever they were, they could end up being logged in to this account.

And this is me - just posting to confirm the previous post really was me.

> "whoever they were, they could end up being logged in to this account"

Well that's certainly a new version of "I'm Brian - and so's my wife"!

It's a little more general (but also more obscure) than the open password account from way back that was meant to be used by anyone as a sort of advertising space.