one.network Ideas Portal
Had a situation where I needed to provide some (Member of the public-level) user feedback about security on the main 1N site (see ONENW-I-63) and initially opened up a support email via the offered method.
Took a while to make it clear to the support operative that I didn't have a technical login problem, and that really I just wanted him to feed back this advisory info about 2FA-SMS to the product team.
After he'd got the point, his action was to - without my permission - sign me up to this Ideas Portal by creating a new account here, using my email address! First clue I got was when I received a verification link via email and the option to create a new password.
This is not good sense at all, if this is what you're advising your frontline support operatives to do. I appreciate his intention was good, but you should never 'spoof signup' anyone's email address on a website when you haven't got permission and you don't own that email address.
Moreover, this Ideas Portal website is even LESS secure than the main one.network website that I first initially raised my concerns about. There is zero implementation of any kind of 2FA user validation here, at all! That's ridiculous, in 2025, folks.
Someone at this company really needs to get some proper internet security advice quickly, or you're going to struggle to maintain any credibility in this field going forward - which would be a great shame, because the idea of what you're trying to do, and the general feel of the main site is so good in every other respect, and is likely to be extremely useful to a great many users. Don't wreck such a good plan, with such casual, weak regard for user's security, pretty please!
