By Charles Miller
I really do hate this, but life just keeps getting tougher and tougher for careless people who forget their passwords. To put that another way, cyber crooks are getting better and better at hacking people’s passwords to gain access to bank accounts and can leave victims penniless. So, in response to this, financial institutions and email providers have ramped up password security. Banks, cell phone companies, email providers, and others now adhere to much stricter security protocols than in the past.
The days of being able to quickly and simply reset a lost password are now behind us. If you forget your bank’s password, you might be required to come in person to the bank, no matter that the closest branch is a thousand miles away. Forget your email password, and you might never be able to reset it unless you have your cell phone or can remember the answers to those secret questions you answered when you set up the account. Lose your cell phone, and you might not be able to get your same number back unless your cell phone provider already had your identification on file before you lost the phone.
All of this extra security is being enforced for your protection. If it were quick and simple for you to reset a password you forgot, it would be even quicker and simpler for any hacker to compromise your accounts. Your email account or cell phone number is often the key that unlocks access to your online financial accounts. If cyber crooks were ever able to access your email and/or phone, they are quite adept at emptying out your bank account the minute they get in.
One policy more and more companies now employ is called “silent fail.” It used to be that you might get a message such as, “You have tried five wrong passwords and must now wait 30 minutes to try again.” That’s now known to be an “information leak” that tells hackers to program their password-breaking robots to try four passwords and then wait 31 minutes. To thwart the hackers, when you try too many wrong passwords, the “silent fail” simply locks you out of your account without notice of such. Many times, I have heard someone say, “I know the password I typed is correct!” I used to respond, “No, it’s not,” but I have had to force myself to stop saying that. Several times I have observed that someone has entered one wrong password after another and provoked the silent fail—after which even the correct password will not work until a certain amount of time has passed. Sometimes that’s 30 minutes or an hour, or in the case of Apple, it’s believed to be 24 hours. We are not sure because if known, that would be information that would help the cyber crooks of the world.
Completing the password recovery process can be really trying and time-consuming. Gmail requires waiting 48 hours. Apple now enforces a 28-day waiting period before permitting account recovery. Recovering a lost password for an AppleID can end up taking years in addition to the mandatory 28 days, but that is a story to be continued next week.
Charles Miller is a freelance computer consultant, a frequent visitor to San Miguel since 1981, and now practically a full-time resident. He may be contacted at 415 101 8528 or email FAQ8@SMAguru.com.
