online security
William wrote to us this weekend to point out how little Microsoft does to fight phishing attacks on their hugely popular Xbox LIVE network. It's unfortunate they don't take this sort of crime more seriously, since so many kids—who by all rights should have less experience with phishing—are on Xbox LIVE. Below is what two different Xbox CSRs told William when he contacted them to complain about phishing attacks.
More »
security
We're no longer indignant about Amex's weirdly lax security policies; we're just confused. Why would a major credit card company cold call new customers and insist they give up bank and address info over the phone, or email sensitive data to strangers? Or, we just learned, demand that you use a lame password that isn't case sensitive, is only 6 to 8 characters long, and can't contain special characters?
More »
privacy
Jonathan wanted to opt out everyone in his family from direct marketing campaigns, something the DMA promises is possible via their website. Surprise! It turns out the DMA doesn't really care so much about whether or not you want to be taken off any mailing lists, and they have a rotten website and poor security protocols to prove it.
More »
security
We're not sure why a company would bother with offering a password feature on their customer accounts if they disable them without warning 3 months later as a matter of policy, but that's how Southern California Gas Company rolls. Does it really matter, you ask? It might if you're a victim of domestic violence.
More »
scams
Andy logged in to Gmail on Sunday, and his friend Jeff started to chat with him. Things seemed a bit off, but Andy really became suspicious when Jeff asked him to wire $500 to an injured friend in Nigeria. The real Jeff, of course, was off playing XBOX and has no friends in Nigeria. Like the scammers hitting up people's friends for money via Facebook, thieves can log in to your e-mail and chat accounts, pretending to be you.
More »
security key
We've posted before about security keys—those little digital keyfobs that generate expiring security codes over and over and make it incredibly hard for someone to gain unauthorized access to your account. They're a great idea, and now if you own an iPhone you can install a Verisign app that will work with PayPal and eBay, as well as about two dozen lesser-known sites. It's probably the easiest step you can take to vastly improve security on those accounts.
More »
security
Everyone knows that one of the best ways to protect yourself from online security disasters is to use a different password for each account. But do you do it? Probably not, because at first glance it looks like an unreasonable burden, having to either remember dozens of unique passwords or having to keep them all written down somewhere (which in itself is a security risk). The website ideashower.com offers a simple way to create a unique, easy to remember password for every account.
More »
comcast
The New York Times has reported that a list of over 8,000 Comcast user names and passwords was available to the public via Scribd for two months, before a Wilkes University professor discovered it over the weekend after doing a search for his identity online. Comcast is saying it looks like the result of a phishing scam and isn't an inside job, and that there are so many duplicate entries on the list that it's closer to 4,000 customers.
More »
DVD Planet
Dear DVD Planet, you might want to sit down with the person who designed your customer account system and have a long talk. You know, about things like data security. After we posted this story yesterday about an Amazon shopper who was surprised to find you'd automatically created a barely secure account in his name with his data, another reader—this time a former eBay customer from nearly two years ago—decided to check whether you'd done the same thing to her. Yep! And the password was "Ebay."
More »
DVD Planet
Joel says when he ordered a disc from DVD Planet via Amazon, the company automatically created an account for him on their website. The problem is that the default password they used was so easy to guess that he figured it out on the second try, and he suspects it's the same password they use on every account. Once you guess it, you can see the customer's past orders and credit card billing address. When Joel contacted them to have the account removed, he was told that wasn't possible.
More »
alerts
Last Friday, Monster.com announced that their database had been attacked, and that account names, passwords, email addresses, and phone numbers had been stolen. Unfortunately, they haven't sent out email alerts to anyone—they just put the announcement up on the security section of their site. As our tipster Erica points out, "Given people's tendencies to reuse passwords on multiple sites (BAD!), that they aren't actively emailing and informing members of this breach is quite irresponsible."
More »
privacy
The ease with which a student was able to reset Sarah Palin's Yahoo email password highlights a vulnerability of so-called "challenge questions" designed to verify your identity: if the questions are about personal details from your life, there's a risk that somewhere out there on the web, that info is visible to the public. That might be a realistic risk only for public figures, but it's also possible that friends or family members could answer your questions with a little guesswork. If you want better security, make up fake answers that you'll remember.
More »
chase
We're not IT experts or anything, but when Chase writes that "all your account information is protected by 128-bit encryption to maintain the privacy and confidentiality of your data," shouldn't that mean a little lock icon on the browser window, and an https address?
Update: Not necessarily, according to our commenters, although the lack of an https login screen does pose other security risks.
More »
online security
If you have a PayPal or eBay account, or use OpenID to log in to participating sites, then for $5 you can add a second layer of security that is virtually impossible to break unless the thief physically locates you and steals a little plastic device. The PayPal Security Key is a small, keychain-ready fob with a unique ID that's tied to your account. It generates a new six-digit code every 30 seconds, which you have to enter whenever you log in. The downside is you have to have your security key with you in order to read the code. But the benefits are huge: you basically have a 2nd password that changes 2,880 times every day—and that isn't available anywhere online.
More »
fcc
Your phone records just got password protected. The FCC wants to keep douchebags at Hewlett-Packard from impersonating you to obtain your phone records, so they've approved some new rules to help protect your privacy. From BusinessWeek:
More »
email
Reader JP sends us this little tidbit about accessing online information after someone has passed away. From CNET: As more and more people move their lives, address books, calendars, financial information, online, they are taking a risk that some information formerly filed away in folders and desks might never be recovered. That is, unless they share their passwords, which poses security threats.
More »