Nothing to do with Amazon

"Do you use Amazon?" came an email from a friend. I checked the email address. It was hers. "Yes" I replied with an uncharacteristic lack of verbosity. A short while later came the scam email. I rang to tell her that her email account had been hacked. She already knew. Unfortunately on this occasion the scammer had got hold of her password and taken over control of her account. It was a Yahoo account so possibly the scammer had got hold of her password from a very old leak when Yahoo had a lot of problems with security. 

The outcome is that the spammer has details of everything she has done via email and has locked her out of her email account too. As all her contacts are in it she's lost them as well.

I am often laughed at for my security measures which mean that I use a password app with a very secure password and that no two things requiring a password have the same password.  I know my master passwords for my computers and the password app and that's it. I use separate email addresses for different tasks after I learned years ago that the travel industry used to sell password lists.  

As I use Apple for all my computing/cellphone etc I rarely have to type in secondary passwords  and unlocking my phone and computer are generally by fingerprint and/or eye or facial recognition.

Anyway none of this would have been bloggable but for the fact that I decided the the loss of the rest of the day and evening to sorting out the outfall from the incident was exceptionally irritating.

When I was scammed I immediately went to change my password on that account. Google wouldn't let me. It locked my account saying that there was suspicious activity on it. The only conclusion to which I could come was that a potential scammer had recently tried to get in using an old password from one of the old Yahoo leaks. My passwords are usually changed every couple of years (or when I decide I want to waste a day looking at a screen and getting frustrated) but whatever it was Google decided I was a potential scammer. It took me many hours and a lot of coffee to convince their algorithms otherwise.

With scammers getting more and more sophisticated it behoves every one of us to keep all our passwords separate and secure. 

Passwords and Usernames

How many web pages, online stores, online services, cellphones, utility accounts and so on do you have?  I have no idea how many I have but the general list I keep (ie the low security websites and not things like bank accounts, telecoms, email accounts and so on) has just reached 100 and that's after a culling of the old ones I no longer use.

I don't know about other people but I do not use the same username or password all the time: in fact I have dozens and dozens of passwords.  Having had my American Express identity stolen on one occasion (and Amex sorted it out quickly and effectively and removed all the fraudulent charges without my even asking thus making me an even more loyal customer) I am very finicky about password and pin number security.

However my feeble brainpower is just not able to keep all that information in my head so I have a spreadsheet with it all on and I keep bank and email account information completely separate.

All of it is, however, in encrypted files of one sort or another.  I used PGP Encryption back in the day when it was free and public encryption programs were not so readily available.  Now I use various other programs including McAfee and Apple.  The only problem is that, in order to satisfy any enquiry into the security of the encryption, the passwords I use are all a full sentence long.  I've been using them for so many years I doubt I shall ever forget them.  But you never know.  And if that happens........