"That's not your password, but I do recognize that as your account code. Your password is XXXXXXX [not the actual password]."
The password he had just read off to me over the phone, is the password I use to log in to the sprint web site. From that account, I can view my bills, change my service options, and it's linked to my bank account to let me pay bills online. I was not happy. I told him so.
We had a short conversation about the security implications of reading off people's passwords to them over the phone, especially over a cell phone, and about customer service using the same password as people use to log into their Sprint web accounts that are linked to their bank accounts. I asked him to pass my complaint on, after I explained it to him. Then I was ready to move on to the reason I had called, so I asked him to continue.
The next thing he asked me:
"What is the email address that you use as your username?"
(Sprint's online system uses an email address as the login username, and I use a sprint-specific email address there that I don't use for any other purpose.)