By Charles Miller
Last week I emphasized how extremely important it can be to keep your password recovery information up to date. The consequences of failing to do so can range from having to get a new email address to getting stuck with an expensive iPad that you can never use again, except as a paperweight. Over the years, I have consulted with probably hundreds of people who had forgotten important passwords and thus locked themselves out of things like bank accounts, email, and airline rewards programs. Some of these were interesting adventures indeed.
Sending a text message to your cell phone is now the most common method used by companies to verify your identity for password recovery purposes. But what if you no longer have that same phone number? When you abandon an old cell phone number and get a new one, most cell phone providers wait years before they recycle the number. In one case though, my client found they still had their old phone in a drawer, and it still had the chip in it for the abandoned number. After some discussion at the cell phone company office, they agreed to reactivate the number but only because the client was in possession of the original chip.
On another occasion, I tried phoning the number of the cell phone a client had used a decade ago. This was out of desperation because the foreign bank offered only two options: Receive a text message sent to the old cell phone number, or come in person to the bank. Incredibly, the old number had been reissued, and the young señorita who answered acknowledged she had received several text messages on “her” phone from a foreign bank she had never heard of. A deal was struck to meet at a coffee shop and, in return for a gratuity, use her phone long enough to recover my client’s bank password.
It seems a lot of us have old email addresses that have been disused for years. In one case, I was able to get the phone company in Pennsylvania to reactivate, for a price, an abandoned address. That proved to be the key to recovering the password for the client’s newer and more-important email address.
Some email providers have a policy of never recycling addresses. Other email providers such as Microsoft and Yahoo have a policy of recycling email addresses that have lain dormant for several years. This is potentially a huge security issue because cybercrooks can use automated systems to snatch up old addresses within minutes after they become available. Why? So they can make a password-reset request of your bank, and if your old abandoned email address is the one the bank still has on file, then the crooks might be able to successfully steal the funds from your account.
By now, I hope that everyone reading this has a better understanding of why it is so important to keep your contact information up to date on any account for which you might someday need to reset the password. Unfortunately, people who fail to keep their account recovery information up to date may find it difficult or impossible to recover a lost password.
Charles Miller is a freelance computer consultant, a frequent visitor to San Miguel since 1981, and now practically a full-time resident. He may be contacted at 415-101-8528 or email FAQ8@SMAguru.com.
