Thursday, April 17, 2014

New Reasons to Keep Track of Login Info

Well, to be fair these aren't all new reasons per say, but there are an increasing number of consequences facing those of us that forget their login credentials.  The new consequences have ramifications which have consequences of their own...

Account Security

You may have noticed a gradual and constant shift in attitudes over the past several years when it comes to account security.  Whereas once you were allowed to remain logged in to hotmail for 13 years you are now required to login daily or weekly.  Captchas, maximum failed login attempts, new hoops required to reset passwords, sessions that time out, etc.

Contacting Support

If you lose your ability to login there are no longer numbers to call or people to talk to (yell at) until they agree to reset your password.  Google is a great example - there is no phone support for a free google account.  If you lose access to your google account and you haven't associated valid emails or phone numbers with your account (which they'll only ask you to do if you use the web interface) you may not ever be able to prove who you are to the robots.

Why now?

The reason for these beefed-up security measures is simple - the way our service providers were doing business on the internet for the last 20 years was never secure.  Their security measures were based on a blind faith attitude positing that requiring actual proof that you aren't an impostor wasn't necessary, and that for the most part no one was trying to steal account info and commit other offenses.

Of course, there have always been hackers, but in recent years people have begun to take advantage of how many intelligent, underpaid, underemployed people there are - in the US and other countries. They have set up businesses designed to defraud and take advantage of the droves of uninformed people populating the web.  There are plenty of people in the world that will work for low pay doing nefarious things, and there is a lot of money to be made by doing those nefarious things, but that's a subject worthy of another post.

Faced with these new forms of old miseries, the companies came up with more stringent security policies that make creating, recovering, and remembering login credentials, well, cOmPlIcAtEd!

Personal Reasons

Many of us have lots of email addresses, login names, userIDs, and the like.  Each site seems to have different criteria for choosing a "secure" password.  Each site needs (at the very least) a username, email, and password.  It is generally not a good idea to use the same password on each website, and there are reasons for that as well that are often unclear to the average user, such as the fact that your online identity may be indexed and cross-referenced, and your login info for other sites may be known to someone who hijacks and harvests your email and address book.

People oftentimes assume that if they are hacked, they'll know it.  Symptoms include strange emails being sent from their account, etc., and they know they need to login and change their password when they get a chance to stop the leak...


However, if you are hacked there's every possibility that you won't know it, and that instead of the hacker using your address to send out a few goofy emails or using your account to buy an xbox they will instead upload your name, home address, phone number, username, password, email history, purchase history, address book, list of logins and passwords, etc. to darknet databases where it is merged with all the other information they have collected about you and everyone you know! The information in these databases is for sale, in whole or in part, to anyone, and may not be used for years (if ever).

Being locked out of your accounts because of failed login attempts and/or permanently losing access to your account and all it's data isn't fun.  To make matters worse, when it comes to actually managing your login information the only advice you get from IT people consists of what not to do, not what to do.  They tell you, for example, not to write down your passwords - which is good advice up to a point...

The traditional method of regaining access to your accounts is always a bit sketchy... either it's far too easy to be secure or too difficult to remember when you need it (Security questions, etc.).  Also, at the end of a rather long road you oftentimes have to reset your password and then set it back to something new anyway.  The new password you create has to be different from the one you forgot in the first place (which by this time you remember).  Your new password is complicated and if you don't take action quickly, you'll forget it.  If you don't have access to the email account they send the password reset instructions to anymore... what do you do then?

And even if they do give you access again, is that what you want?  What if you aren't you?  The security is there for a reason! If someone does try to gain access to your account the security measures make a lot of sense.  The only thing you have left to complain about is that every company has a different method for allowing you to regain access to your account... but that's a first-world problem we can remedy by simply remembering our Login Info in the first place.

There is a method I've come up with to manage my own information which I'll share with you - Using Login Info Spreadsheets to Keep Track of Login Info
With this method, it's possible to keep everything straight so that you're secure and you can always regain access to your accounts simply by reminding yourself what your password is!

No comments:

Post a Comment