Yikes... Please keep your passwords safe AND obscure!

Oct 26, 2007
2,643
3
Canada
I wanted to share this with my tpf friends so that you can, hopefully, learn from my mistake (sorry, long rant)

I have had my Hotmail account for as long as I can remember, never changed the password and it was a very easy one at that.

It all started last Wednesday when I realized I can't log in. It kept on saying "invalid credentials". I thought it was a fluke, so didn't think much about it. Then I started trying to answer my security questions, which I couldn't do. Then I started getting suspicious. I was finally able to figure out how to contact Live Help and authenticate myself by saying who were my contacts, names of old e-mail threads, and, most importantly, my IP address. I have gotten my password reset and logged in and, to my horror, saw all these eBay bids!

Obviously, tried logging in to my eBay account which I haven't used in ages but I knew what the password was because it was the same as my Hotmail (smart, I know). Thankfully, eBay's live help is more live and more helpful that Microsoft's so I was able to restore my account almost right away.

The good part is that since I haven't used my eBay for so long, my PayPal and credit card info was outdated so it doesn't look like "I" made any purchases.

I understand that this is fairly minor (compared to, say, having your credit card info or social security number stolen) but is still very unsettling and nerve-wrecking.

The only thing I could think of is that I recently used my phone a couple of times to check my e-mail. Don't know if that has anything to do with anything but I will not do it again.

Thanks for listening.
 

lilian

Member
Jan 3, 2006
1,207
3
Glad you got it sorted out.

Just a question though..if the person made bids on ebay, did they change the shipping address? Because I feel like that would be a really dumb and traceable crime...unless they really wanted YOU to get all the junk they were ordering..
 
Last edited:
Oh my! That is horrible. I'm sorry that happened to you. I'm glad you were able to sort it out before the damage got worse.

This makes me want to change my password ASAP.

I tend to use a password that is not personal in any way. When it comes time for a new password I literally look around and pick a random object: Paperclip, Blue pen, Red crayon, White cat, black car, etc. I then add numbers and some letters in upper case to make it even stronger. LOL!
 
Glad you got it sorted out.

Just a question though..if the person made bids on ebay, did they chance the shipping address? Because I feel like that would be a really dumb and traceable crime...unless they really wanted YOU to get all the junk they were ordering..
Good point.

Unless the person knows you and was trying to be mean towards you. I hope that isn't the case.
 

plumaplomb

O.G.
Dec 10, 2008
4,904
262
Burbs
every month i do a random typing of the keys ie aweijfds833. that becomes my password for the month. then i do it again. it's the best protection.
 
Oct 26, 2007
2,643
3
Canada
Glad you got it sorted out.

Just a question though..if the person made bids on ebay, did they change the shipping address? Because I feel like that would be a really dumb and traceable crime...unless they really wanted YOU to get all the junk they were ordering..
Um-m... I don't know :confused1: Wow, I'm sorry to sound dumb but I have no idea what the person expected to do with the 20 cellphones he/she bid on! No, my shipping address wasn't changed. All of my personal info was (I guess so that I couldn't verify my info by answering security questions)

But I really really don't think I ever shared my password with anybody so I don't think this was specifically targeted towards me.
 

CHmyloves

Hopelessly Addicted
Aug 6, 2008
525
0
Vancouver
That's really scary. I usually use upper case, lower case and numbers in my passwords... I might change them all now. Just to be safe.:sweatdrop:

Thanks for the reminder!
 

ShimmaPuff

Sentient IMBUSILE
Oct 12, 2006
9,752
2
Earth
Although I am very sorry about the circumstances that caused it, thank you very much for this reminder.

We should NEVER use the same password for any two things, especially any two things that involve money.

Passwords should not be our names, our birthdays, or the names or birthdays of our loved ones, our pets, or ourselves.

Especially if you are a digital native who pish-toshes my admittedly hardline privacy and security views, like if you are a person with a Facebook profile using your own name, so that once I become your online friend, with just a few minutes of searching through your comments there, here, and elsewhere, I can figure out what your password is, by trying your birthday, your boyfriend's birthday, your iguana's mama's name, the name or birthday of a favorite celebrity, historical or cultural event etc.

It should be a completely random and meaningless combination of letters, numbers, and if permitted by the entity you are registering with, punctuation.

And a special note for long-time internet users: I have a colleague, a lady I have worked with on several projects over the years, who has had her yahoo account for so long that she has a 4 letter user name.

A few weeks ago, she mentioned that she had a 5 digit password. Now this is not eBay, or paypal, or a bank, just a yahoo account. The worse damage anyone could do to her would be ruin her reputation on a couple of message boards populated by people who commit calligraphy.

Still, I ranted at her until she changed it to an 8 letter combination of numbers and letters. So if you, or anyone you know, is preserving a 5 digit password as if it were a precious antique, even if it is just a yahoo account, please annoy them relentlessly until they change it. If you can afford it, buy them a small precious antique to cherish instead.

Because as we speak, there are millions of twelve year olds all over the world who are running software programs designed to find such passwords, running them in the background while they reverse engineer things you don't even want to think about.

The least we can do is make them work for it.
 
Oct 26, 2007
2,643
3
Canada
Good post as always, ShimmaPuff

Thanks for your comments, everybody. Yes, please go and change your passwords right now! Mine wasn't anything too obvious but it was just a word. You need to make sure you include upper case and lower case, numbers and/or special characters.

The one my Lotus Notes always gives as an example when a reset is due is YrUtrying2guess?

I really hope this is over. Right now, I am trying to think of any other websites I could have used the same password on that might contain my personal or credit card information.
 

jan228

Member
May 3, 2008
1,506
16
God, I lived with someone who was a professional IT manager. Our friggin' Internet password was 46 characters long!!!

I hated them with a passion whenever my computer connection was reset, because I use a Mac and have to manually type in that stupid password every time. There's no copy and paste. :cursing:
 

truegem

O.G.
Feb 13, 2006
1,806
10
Yep...I try to change mine periodically and then always forget them and have to reset them EVERY time I want to log in to something.

When I was a network admin I had the joy of assigning passwords to users. That was not fun at all. I didn't necessarily agree with me assigning them but I had to come up with some secure combos that people could also remember because I would have ended up spending the bulk of my time resetting passwords.

I read an article once on creating passwords. The suggestion was to make all of your passwords 10-15 alpha/numeric combos. Nothing you would every remember. Then put it all in an excel spreadsheet with a hard password that you would remember.

I am overdue for changing my passwords...maybe I'll spend the day tomorrow doing changing them. I have a lot though so it is going to be a major task.