Searching...

Mobile Products & Network

Reply
Highlighted

Disable automatic dashboard login

DaveJS

When navigating to https://www.optus.com.au/customercentre/myaccount/dashboard (the URL that the "Check Usage" link from the optus.com.au home page lands on) I get automatically logged in with the security tip:

 

Take care when tethering - Any device tethered to your phone
will be able to access this page and see your account details.

I'd like to turn off the feature though, especially on my "My Broadband Plus connection" - which is obviously designed to be shared and as such gets used by all devices in the house, so would always be "tethering".

 

Is there some option to switch off the automatic login?

Re: Disable automatic dashboard login

markdennis

Yes, you will need to clear website history and data of your browser

 

for google

  1. On your computer, open Chrome.
  2. On your browser toolbar, click More More Tools Clear Browsing Data.
  3. In the "Clear browsing data" box, click the checkboxes for Cookies and other site data and Cached images and files.
  4. Use the menu at the top to select the amount of data that you want to delete. ...
  5. Click Clear browsing data.

https://support.google.com/accounts/answer/32050?co=GENIE.Platform%3DDesktop&hl=en

Re: Disable automatic dashboard login

DaveJS

This isn't a solution to the problem.

 

A fresh browser instance is being logged in automatically by the SAML IdP due to some automatic recongnition of the connection (client IP?).

 

Clearing cookies doesn't help, it logs the session out, it does not prevent anyone arbitrarily "tethered" from having access (hint: if it did, why would there be a warning about tethering in the first place?).

 

Just to be extra clear, yes I have tried browser instances in which I have cleared all cookies, history and cache. I've also tried from other devices on which I definitely haven't entered credentials...

Re: Disable automatic dashboard login

Kartika

Hey @DaveJS, thanks for reaching out to us as I can understand your concerns with regards to auto login into My Account. It seems the browser has saved the password as such it is automatically logging you in. Can you follow these steps to remove My Account website from that list - open the browser then:

  1. Open the Tools menu.
  2. Select Internet Options.
  3. Click Content.
  4. Under AutoComplete, click Settings.
  5. Click on Manage Passwords.
  6. Click on the Web Credentials Manager.
  7. Click on the drop down arrow by the web site you want to remove the password.
  8. Click on Remove. 

Let us know how you go. 

Re: Disable automatic dashboard login

[ Edited ]
DaveJS

No, not even close.

 

I can reproduce the problem in a fresh browser as a fresh user in a VM. It is not a saved password, it is not a cookie, it is not cache.

 

Before anyone else replies consider actually reading the warning:

 

Take care when tethering - Any device tethered to your phone
will be able to access this page and see your account details.

Why would whoever developed that dashboard display that warning for cookies or saved passwords in a browser? (Hint: neither of those cases would share to a new device accessing via the "tethered" connection).

 

There's a fundamental problem here where a service designed to be used by multiple people is also set up with authentication that only makes sense on a personal device.

Post a Reply
iPhone X now available to order

Stock will be limited.Read More

Top Contributors
26 Kudos
13 Kudos
11 Kudos
8 Kudos
7 Kudos