Identity card number as default password

A mobile phone service company provided an Internet billing service to its customers through its website. A customer has to log into the system by entering his mobile phone number and password to gain access to his account information, which also include detailed call records made by the customer. However, the password was defaulted to the first six digits of the customer's identity card number. A customer complained that a debt collector accessed to his call records through the Internet billing service and caused nuisance to him and his friends.

The use of a customer¡¦s identity card number as the default password should be handled with special caution since an individual's identity card number may, for various reasons, be disclosed and known to others. Given the sensitive nature of the data and the potential risk arising from any misuse of the data, a service provider who chooses to set its customers' access password by using their identity card numbers should take additional steps to safeguard the security of the data. Such steps may include ensuring that all customers are fully aware of the default password arrangement and at the same time remind them of the importance of changing the password to a number of their choice to prevent unauthorized access to customers' accounts.