Dear DVD Planet, you might want to sit down with the person who designed your customer account system and have a long talk. You know, about things like data security. After we posted this story yesterday about an Amazon shopper who was surprised to find you’d automatically created a barely secure account in his name with his data, another reader—this time a former eBay customer from nearly two years ago—decided to check whether you’d done the same thing to her. Yep! And the password was “Ebay.”
passwords
DVD Planet's Automatic Account Creation Raises Security, Privacy Issues
Joel says when he ordered a disc from DVD Planet via Amazon, the company automatically created an account for him on their website. The problem is that the default password they used was so easy to guess that he figured it out on the second try, and he suspects it’s the same password they use on every account. Once you guess it, you can see the customer’s past orders and credit card billing address. When Joel contacted them to have the account removed, he was told that wasn’t possible.
Monster.com Hacked, User Names & Passwords Stolen
Last Friday, Monster.com announced that their database had been attacked, and that account names, passwords, email addresses, and phone numbers had been stolen. Unfortunately, they haven’t sent out email alerts to anyone—they just put the announcement up on the security section of their site. As our tipster Erica points out, “Given people’s tendencies to reuse passwords on multiple sites (BAD!), that they aren’t actively emailing and informing members of this breach is quite irresponsible.”
BoingBoing has the 500 worst passwords. We’ll sum it up: if your password is password, 123456, or 696969, say goodbye to your identity.
Online 'Security Questions' Can Be Too Easy To Crack
The ease with which a student was able to reset Sarah Palin’s Yahoo email password highlights a vulnerability of so-called “challenge questions” designed to verify your identity: if the questions are about personal details from your life, there’s a risk that somewhere out there on the web, that info is visible to the public. That might be a realistic risk only for public figures, but it’s also possible that friends or family members could answer your questions with a little guesswork. If you want better security, make up fake answers that you’ll remember.
"Apple Just Gave Out My Apple ID Password Because Someone Asked"
All the security in the world can be rendered useless by human error, it seems. Marko Karppinen, a software designer, says Apple gave his password to someone who simply emailed them and asked for it.
Chase Doesn't Encrypt Your Login Credentials?
We’re not IT experts or anything, but when Chase writes that “all your account information is protected by 128-bit encryption to maintain the privacy and confidentiality of your data,” shouldn’t that mean a little lock icon on the browser window, and an https address? Update: Not necessarily, according to our commenters, although the lack of an https login screen does pose other security risks.
Add Super-Protection To Your Logins With $5 Security Key
If you have a PayPal or eBay account, or use OpenID to log in to participating sites, then for $5 you can add a second layer of security that is virtually impossible to break unless the thief physically locates you and steals a little plastic device. The PayPal Security Key is a small, keychain-ready fob with a unique ID that’s tied to your account. It generates a new six-digit code every 30 seconds, which you have to enter whenever you log in. The downside is you have to have your security key with you in order to read the code. But the benefits are huge: you basically have a 2nd password that changes 2,880 times every day—and that isn’t available anywhere online.
Start Thinking Of A Password: FCC Approves New Rules To Stop Pretexting
In addition to the password protection, the rules also require carriers to ask for customers’ permission when sharing private account information with business partners and independent contractors.
Taking Passwords to the Grave
Reader JP sends us this little tidbit about accessing online information after someone has passed away. From CNET: As more and more people move their lives, address books, calendars, financial information, online, they are taking a risk that some information formerly filed away in folders and desks might never be recovered. That is, unless they share their passwords, which poses security threats.
Microsoft Fingerprint Reader Does Passwords, Not Security
We hate remembering passwords. We have enough arbitrary code phrases in our life to remember, like the one we have to try to remember when our girlfriend cinches that plastic sack over our head. So Microsoft’s Fingerprint Reader software seemed pretty cool to us.