# Need help with i-choive login



## Big Mark (Apr 4, 2008)

My Dad's in Peyia right now and can't seem to connect to the internet by i-choice.

Could someone tell me the step-by-step hoops he needs to go through please? He's got a Speedtouch 585 router and THAT is showing that he is on the net, he just can't log on to any web pages, email, messengers etc. He can only reach the Cyta portal. Searching around I understand that even though he registered through Cytanet he may be connected via another service provider? Netrunner etc?

He's been on to Cyta for hours twice now, they tell him it must be his end, but nothing seems to work beyond the Cyta portal. He doesn't know what he's doing and they won't talk to me as I'm not on his line, I'm in the UK.

I know there a 2 separate login procedures he needs to follow, one requires the entry on his telephone number as the username & password and the other requires him to use a give account username & password.

We know we have all the info correct, it stopped working last Thursday and hasn't connected since.

I've logged on from the uk and walked him through the instructions here but the pages he describes are not as they appear in the instructions.

Could someone tell us how to log in please?

Ideally the URL link to the first login page he needs (the one where he enters his phone number as bothe the username and the password. Then the URL link to the page where he enters his given username and password.

He's in his 70's on his own and missing his Skypechat & mail 

Many thanks,

Mark.


----------



## Big Mark (Apr 4, 2008)

babyblues27 said:


> That's odd - have you tried calling 80008080 from Cyprus? They should be able to help your dad connect. Feel free to e-mail me at ellcyp at hotmail dot com. I can give your dad my phone number to call me. I will walk him through the login process, as I am with the same provider and will visually be able to walk him through each of the steps.


Hi Baby Blues,

Well we got this sorted by the 3rd person a Cyta this afternoon, they changed his account password, he tried again and got on. It has been working fine, it just stopped, with no change of settings and wouldn't connect on again.

I don't understand why they would make it so awkward to connect to the internet? 

I'd like to change away from that Speedtouch router, I took a Netgear over to secure incoming ports more robustly but we couldn't work out how to get it to comply with the bizarre Cyta connection ritual.

They say they do what they do for security, yet they ship the router with the internal Firewall off, Despite WPA-PSK being supported by the router they use WEP encryption on Wifi (which can be hacked in a few minutes with little knowledge) and stupidly easy passwords that are transmitted unsecured in the clear.

Strangely it would have been easier for me to configure him to use a neighbour's connection without their knowledge than to log in himself. When I go back in August I'm going to go round and tell the neighbour's how to up their security a little, they think they're ok with a WEP password. See Here, or google wep security.

When I'm there I may post a how-to tutorial on improving on cyta's shipped security level settings.

I'm not impressed with Cyta.

Thanks for your offer to walk him through and if it goes down again I'll definitely take you up on that, and conference myself in on the call. 

Thanks,

Mark.


----------



## Big Mark (Apr 4, 2008)

babyblues27 said:


> Well, I'm pleased your dad can gain access to the internet again. I agree that Cyta has some issues to sort out. Hopefully someone like you can advise them to improve their services and security. Have you heard of Primetel? I hear it's cheaper and more reliable. Unfortunately we can't install it in our area just yet. Perhaps you could research it to see if it would be a better option for your dad.


Haven't heard of Primetel no, but I'll do a little digging.

As far as telling Cyta how to do things, I'm sure someone working for them knows that they've got some issues. I did contact them and spell out some of the major concerns I had about their procedures.

I guess the more people like me inform others of the short-comings then at some point they may act.

The main issues I have are:-

1/ Complex and unclear procedure for logging on. Why ask the user to enter their phone number as the username and password on a screen when you have given them a username and password they *must not* enter in this specific form? This "login" is tied to the specific line, it wouldn't work if you entered the details from another telephone line anyway and you are currently on that line. Then you have another login page, this time the same login page for multiple ISPs? Hard to think how they could make this more difficult.

2/ Weak passwords? My dad was given a very weak password when his connection was set up. Due to the recent problems he was asked to tell the cyta representative a new password. He chose a 5 character word from the dictionary and they were happy for him to choose that so for a short while he had an even weaker one. He has no idea of the problems of simple passwords, but they should have. I got him to change it. They should require robust passwords that are more difficult to brute-force crack. They also use the same passwords for a user's login and for their email and these passwords are transmitted without the use of SSL (secure socket layer)* 
*I haven't seen this but it appears to be the case from what was described to me by my Dad.

3/ Unrealistic assumptions of use. The terms apparently specify that the connection is to be used by 1 computer? What about, Games Consoles, Internet Radios, Laptops, Wifi Enabled Mobile Phones etc.? They will work but are (I think) outside the specified usage agreement.

4/ WEP wireless configured by default. It is now trivial to break WEP encryption. Unless this is changed then a lot of people will "piggy-back" off the accounts of neighbours. In addition everything someone you steals your connection does can be traced...*to you*. The hardware they supply (Speedtouch 585) supports WPA-PSK but they don't use it, that's mad, and dangerous. I'm not sure if they implement Mac-Address filtering, a method of limiting access to specific machines, but I'll find out in August when I'm there. Mac-address filtering isn't infallible, but would deny the average casual hacker/connection hijacker.

5/ The router HAS an Hardware Firewall, but they turn it OFF. When I queried this with CYTA they said that people should use a software firewall. I agree that a software firewall is useful to detect which programs on you computer are calling out to the internet, but a hardware firewall is better at denying access to any unsolicited probing by bots/wardiallers etc. They never hit your computer to be refused. Once you get a "NO ENTRY" from a port on a specific IP address it still confirms that there is currently a machine on that IP address. Now a hacker can portscan all ports to find any that may have been left open, FTP, HTTP, RDP etc. 

6/ Port opening issues. Similar to point 5, but some people need to leave a port open. It would be nice if you could robustly control who had access to that port. The netgear allows port rules based on incoming IP address which helps. 

7/ Invalid eMail certificate??? Cyta's security validation certificate is invalid and fails Apple's security checks. This brings up the alarm bells on the computer with an "ARE YOU SURE YOU WANT TO TRUST THIS SOURCE" type message. We've stopped using CYTA's email now.

8/ Unconventional transparent proxy handling - This is a speedtouch quirk, but the way the router handles "Internal Transparent Proxy" causes some issues with some kit, specifically my Dad's Tivo. Simplified it means that the router often doesn't bother to try again when it already tried and couldn't conect, it just reports the error again.

Most of these points are beyond the knowledge of the average user, and many don't care as long as they know how to connect. In addition I simplified a lot of what I said and as a result anyone expert could pick me up on certain points, I am aware of most of them but I'd need to do an essay on each gripe to expand further.

At the very least people should make sure they switch from WEP to WPA-PSK encryption though.

Wow, that killed a slow afternoon 

Thanks again,

Mark.


----------

