I have the same problems. One has to wonder whether they have been hacked?

 

Just also tried accessing from my pc and both sites show that they currently are down for maintenance.

Does make you think that their servers may have been compromised, hence the emails earlier.

 

Got the same email from swarco. At first I thought it was phishing...

Anyway, it looks like there is a bigger problem, so I will give it some time.

 

Not just me then….lol. The prospect of demanding a 12 character password in an app, pity they can’t just use Face ID.

 

Same here but then tried - successfully - to log into my App account with my old password.

 

I tried to log in to both apps with my existing password first

It does say to do the recover password first. They've probably reset all the old passwords so that you hav to recover your account first.

Tried this morning on both, but I guess the servers are just a little busy as every user tries to do that adding to their morning frustrations.

12 char password - yes, a bit extreme for a charging app and probably the issue of having payment information rather than just having credit, or other card payment at chargers. I suppose they could have gone for public/private keys with a PIN and enhanced the app, but it's not required better two-factor authentication (2FA) yet. Hope they're using one-way encryption to store passwords and they've not had a data breach.

If it's any help with finding yet another password, google for pronounceable password generator. There's a few around. And use a good password storage app.

 

Read your emails guys..... It clearly stating that the password NEED to be changed and be minimum 12 characters. There is no hacking, no push-scam etc. Just follow the instruction in the email. It took me about 45 seconds to reset with new password and everything is just fine.

 

There's been a lot of cases in history when a company says you need to change your password it's because they've been breeched, so it's not surprising that people would suspect that.

 

Forcing a 12 character password is a good thing and is required for PCI DSS 4 compliance which they may be going through.

Sending emails notifying users their password will expire 14 minutes later is a huge red flag.

Project management incompetence or a data breach?

 

Forcing a 12 character password is a good thing and is required for PCI DSS 4 compliance which they may be going through.

Sending emails notifying users their password will expire 14 minutes later is a huge red flag.

Project management incompetence or a data breach?

They NEVER said that the password expire. Quote from the e-mail:

"Due to an increase in security measures on our E.Connect system, all drivers that have a ChargePlace Scotland account will be required to reset their password from 10pm on the 25th September."

Meaning that if you log before that you are OK with the old password, but afterwards you need to update your password. Where is the red flag here?
Every single database have the same trigger for passwords. Usually when you are trying to log it tells you that you need to change your password to continue. So let's not make an issue from NON issue.

 

The sudden password change request is often a sign of a breach. Seen it a few times.

 

Yep, seems blatantly obvious it's a knee-jerk response to a breach. That said, I believe they are breaking the law if they are aware data has been compromised and don't advise users of that fact.

 

If you had a policy change you'd notify users of the weakest passwords first and you wouldn't email everyone at once. You'd stagger them over days. Password recovery isn't working now at all so it's a right poopfest.

 

Password recovery worked for me just now.

 

Be.ev had the same change password request, I'm guessing it's the back end and be.ev use swarco as well.

It will be interesting if there has been a breach that has prompted the password change, or is because 8 characters takes 8hours to brie force crack and 12 characters takes 34,000 years to brute force crack and has been set as a standard by their insurers.

 

Be.ev had the same change password request, I'm guessing it's the back end and be.ev use swarco as well.

It will be interesting if there has been a breach that has prompted the password change, or is because 8 characters takes 8hours to brie force crack and 12 characters takes 34,000 years to brute force crack and has been set as a standard by their insurers.

A brie force attack? Is that where you use a potent French cheese to get access?

 

If only they just used contactless payment......

God I hate EV charging apps.

 

I'll be hoping it's more @Simon..Hewison's than @AbleArcher's reasonable guesses which matches the truth. Unless it's a serious data breach, we'll probably never know for certain.

It took me about 10 minutes to set up my new password this morning. The Swarco web site was working, unlike others' experiences, but very slow to respond (1-2 minutes to load each new page of the process). It's reminded me why I prefer contactless, or multi-charge-point-operator accounts like Electroverse: the nuisance value is diluted. That said, I usually go for the cheapest reasonable (i.e. not GeniePoint) chargers on my route rather than the most convenient to use.

 

Obviously a lot of people have millions upon millions in the current account and are worried that someone will get the money...because they have DB set up.....
There is a very simple solution....don't use CPS account. There is an option to delete your account if you want to. By not using the network will free a lot of chargers and will be easy for the rest of us to use them if we need them.
Everybody happy 😁

 

Can't login with old password. Password recovery still isn't sending a reset email.

Nothing in mail server logs showing them being bounced either. Half wondering whether my account has been deleted due to never really using it but they've not actually deleted my email off their account holders mailing list. Haven't logged into the website in donkeys.

 

Just updated both mine, no problems with lag or delays with the emails.

 

My app is still working with the old password. I use my phone to generate passwords so it’s a long password already, maybe my account details were not compromised or it’s long enough already so meets the requirement. Mind you, if they track people’s Password length that weakens their security anyway.

could be tomorrow I will have to reset.

 

Another one that is needing to be changed is Be-EV, exact same email as CPS and the site is also the exact same layout.

 

Maybe I'll try to log in to my CPS account again. Last time I tried, almost a year ago, it wouldn't let me log in, so I called the helpdesk and they said I didn't have an account. I set up a new account, and it wouldn't let me log in, saying the account didn't exist. Well then who ordered this RFID card which still works? And who's paying for it? If I hadn't lost my wallet, I'd keep using that card.

 

I have a CPS card and it seems an account too, not that I knew what the password was, so a new ~12 character one it now is. I seem to have a Swarco card too so I'd better go and have a look! Neither app is on my phone though, and I'm doing this on my desktop.

All these precautionary accounts that I've never used! If only they were on Electroverse, which I know works..

 

Hi, got my change password msg yesterday. I went through all the protocls (12 digit P/w wasn't easy). Everything seems to be working OK.

 

Anyone else having trouble with the Charge Place Scotland 🏴󠁧󠁢󠁳󠁣󠁴󠁿 App ?
Just getting an error 401 code on the log-in page.
It's only been about a month since I changed my password, following their security breach. Surely it hasn't happened again???

 

Anyone else having trouble with the Charge Place Scotland 🏴󠁧󠁢󠁳󠁣󠁴󠁿 App ?
Just getting an error 401 code on the log-in page.
It's only been about a month since I changed my password, following their security breach. Surely it hasn't happened again???

Try login on the web portal? I haven't used CPS, so don't know if they have it, but SWARCO used to have an online webportal.

 

I can log into the webpage no problem however the app is showing the error 401.

 

Yes, it is the App that I am referring to. The website is working fine, and showing account history etc, but the App just shows the error message.
Thankfully I have one of their Rfid cards, so fingers crossed that will still be working later today.