Passwords!!!

Any correspondence should be addressed to:
1492 Donald J Boulevard
Trumptontownsville
Great-Again-America

email: dealgenius@planetzygon.con

I never put any bank details in files on my computers - though recently I've noticed one bank sending me email "receipts" of transactions with some material which could be intercepted. That seems really clever! It would have to be linked to other information, to be really useful to an attacker, but some of those guys are really resourceful.

I also noted that if I look at some of my statements online (which hopefully is secure) and then for convenience take a screen shot, that Apple in its infinite wisdom may treat that as a photo, and upload that screen shot to its iCloud. Very poor.

Re the password file loss, I did have to phone one organisation today to force a reset - as the online "I forgot" thing didn't work, but in fact it looked as though that wasn't because I couldn't find a password, but because something wasn't working at the organisation end of the link. Mostly this loss of passwords is not such a nuisance, though I did find having the app with the data useful to reduce the need for me to go looking for paper copies.

One thing which would be worth doing though, is to have a sheet with passwords for computer access, so that if anything unfortunate happens (to me, or ...) , others can access one's computer. I have produced such a sheet - handwritten of course, though I fear that those who might actually need it/find it useful, don't actually know about it (I have mentioned it), so wouldn't know what to do anyway!

Common sense wold probably dictate that those you trust would be able to figure out what the list was for, and in the emergency, try them out on your computer.

I had a very strange experience 2 days ago when logging in to my online bank accounts. Before being put through to them a message intervened, informing me that my bank was not up to date with information on me, and asking me to click a link at the bottom of the page. This led to a page which asked me to change the details printed in the category boxes concerned - one of which appeared to be my account number (if I remember correctly), but substituting a succession of asterisks in the middle. I deleted this, typed in the actual digits, and my password into the box beneath. The message then came back saying "incorrect information". After several unsuccessful further attempts, I decided to back page, and instead of doing as I had been requested jumped to the actual accounts page, which to my huge relief then came up, as per usual. I've no idea what that was all about!

Possibly you've just given your password to your account away. I suggest you either go to the bank to get the account checked, and change the password in the branch, or failing that try to change your password yourself - preferably on a different device.

Don't ever follow links which request you to confirm details.

However some banks are stupid enough not to follow their own rules, so you might be OK.

Every so often I completely fall out with gmail. This particularly can happen if I move around the world. Gmail gets suspicious of my devices and won't let me use the email. I suppose it detecta I'm in a different geographic region or time zone and then "it can't be me, can it?" I used to try to change the passwords when that happened, but it was a faff, and then I had to change all the devices back at home to the new password. In recent years though I noticed that just leaving things alone for a few hours, or perhaps even a day was sufficient for gmail to start working again.

It's not guaranteed to work, but might. It is a complete pain when gmail behaves like that. It's been like that for years.

The most patronising registration process as far as passwords go is Northern Powergrid. I wanted to contact them but had to register first. I have a regime when it comes to passwords and so entered the one suitable to Northern Powergrid. Back came the patronising response 'Not good enough..it can be cracked in 1 minute'. I thought maybe if they put as much effort into a proper login system that locks the account after three failed attempts would preclude any brute-force attacks such as they were suggesting could be used to break my password. And in any event it's not as if I'm signing up to a bank system, for example !

So I had another go with a variation. "Getting better...this will take 6 minutes to crack" came back the patronising response.

And another go....losing patience now. Might also have helped if the numpties actually told you what you had to include such as special characters etc. A bit like any sensible organisation does.

In exasperation I put in a very long string of expletives telling them where they could shove their password ..."Excellent" was the reply. "This will take 11 years to crack".

Make sure you don't wear your 'f' key out!

I dont know if it is a good system , but I tend to use one password ( or slight variants of it as requured by the system , such as special charactersfor things where security might not be too vital, EG my RAH account and a reset might not be tricky) and one other for anything more likely to be hacked/phished/ whatever.

However re banking , which I expect most sensitive and concerning area for most people, as my affairs are are pretty straightforward , I avoid online banking ( having once had an online attack) by using First Direct. I am hesitant to recommend a huge bank , but their customer service rankings are always the best, service is excellent, and I can do all the things I need to, and avoid all that online faff.
Well worth trying if you want to get away from online banking.

i still don't know if passwords really are necessary. I heard one security expert a while back say that some sites can tell who "you" are within seconds, by examining other data - IP addresses and maybe other characeristics. Often it seems to me that passwords are just so that organisations you really don't want to have much to do with can screw you - bombard you with adverts and spam email etc., and have very little to do with protecting end users. Or am I being just too cynical?

I do have (hopefully) much tighter control of some aspects of my online life than some other aspects.

Maybe go back to phone banking? HMRC now use voice pattern recognition for telephone enquiries. My bank has recently got rid of virtually all of its telephone accessible services ( on cost grounds, I imagine). Perhaps time for a rethink?

OG

As of this morning I have 199 passwords for different sites. Managing them is a continuing challenge and whatever process you do use needs to be simple, effective, and fail safe. I'm afraid I use a password protected file on my PC (which is certainly not recommended by cyber-security experts) - trouble is I recently couldn't remember that password - as I tend to enter it automatically without thinking when I need it, and my mind just went blank. Fortunately after a cup of tea, it all came back! I also have a password for my PC - forgot that too, about 12 months ago, but after a while I remembered it.

I really fear for my descendants, who may have to make sense of my confidential information after I have gone to a better place! (Hope I'm not asked for a password when I arrive wherever I'm going!)

Aaaargghh! Passwords!!!! And other security words/numbers. One bank I use needs 'memorable data' (e.g. words you choose), a ten-digit customer number and a six-digit passnumber in order to log on. Mrs A and I don't store them on phones/computers. We have a clip folder with them all in. Hope no-one burgles the house.

"Security Theatre" is a very powerful thing IMV

After trying to use computer databases which failed, I've now switched back to a paper - book based copy.

Trying to consolidate some passwords between devices - e.g. iPlayer and TVs and multiple devices - total pain. Curious is that I think I've changed the BBC password, yet other devices are still working. I suspect it's just a chaotic mess really!

I have this afternoon spent an hour and a half failing to get into my gas supply account with E.ON, using the password I wrote in my address book when I decided for online a year ago, having received an email from them asking me to give them a gas meter reading. Three quarters of that time was wasted repeatedly attempting to log in, using variants of the email address and post code they wanted but obviously already had in order to contact me - capitals, no capitals, spaces etc. The next 5 minutes was spent fruitlessly trying to re-register; when the registration process finalised, I managed to access the account, but was unable to find the facility I had been told would enable me to request contining to receive my demands by post. I then found that in my evidently befuddled state I had registered two new accounts. On returning to the email to access the first one, so as to register my reading, a message popped up saying oops, something had gone wrong. At which point I rang the phone number advised in case of problems, got through to a young woman after a lot of voice dictation to a machine and punching numbers on my phone keyboard, and she took the details, saying I would receive a new statement by next Friday, and commiserating over the difficulties of new technology! "Well, I am 73" I admitted. "I'm only 21" she said. "Well" I told her, "you must be getting old!"