The History
For a long time now, I've had a pay-as-you go T-Mobile 4G WiFi hotspot for when I'm in the US.
It allows me cheap[er] access to the WWW from my tablet, phones and PC. In all it's a nice bit of kit if not a bit hungry on the batteries.
Just before I go I log in to the T-Mobile website and top up the data. Sometimes $30 for 3GB, or $50 for 7GB. Which is a bit cheaper that Vodafone's £1/MB. And of course I don't have to pay the hideous charges hotels still make for Internet access [can someone explain that to me].
The Change
So originally you managed the device through my.tmobile.com and life was easy. Username and password. But then T-Mobile had the great idea to change all that and got Ericsson in to fix the service and provide an enhanced user experience. And we all know what that means.
So for months you couldn't access all the features you had and log in would fail and eventually, eventually I got the 'Incorrect Password/Username' message. Which caught me unawares. And after a few goes using what I thought was my password, I relented and clicked the 'Reset my Password' button.
And this is the e-mail I got.
I did not have to enter my username, just the phone number of the device. And the e-mail was sent to the address on file. Not that that really matters, they might as well have shown it in a pop-up.
So given that this is hardly a secure 32 character random string that allows a one-shot login, nor is it the classic 'click here to change your password' link, it concerned me somewhat.
Moreover, once I had opened the page there were all the controls to change my plan. Auto-refill, re-charge etc. All tied to my credit card. How easy for a thief to simply turn on the auto-refill and burn data like a wotsit? Well, they didn't need the card in front of them.
And that UI - ugh. Designed for a tablet, run on a PC. It fitted into a 800x600 window. And if you had a 1920x1080 display - well it still had a 800x600 display, but with scroll bars. No honest. It was all squidged up in a corner, with scroll bars. And when you changed something it popped up a dialog saying 'Updating your tablet'. Which was funny the first time. But as that wouldn't go away and you then had to click back to actually see the change, it just go annoying.
The saving grace
They've changed it all again now.
Now there's a funky T-Mobile pink image of folk dancing [no doubt on the graves of the original developers]. And you don't need your cell number and then username/password. But the auto-top-up option has disappeared and they still want 8-15 characters [one digit, one letter] as a password.
