Written: May 11, 2016
Each morning after breakfast I start my work day by reading email messages to see what needs my attention or is urgent. This security message from Facebook stood out right away as something that I should look into:
The return address was from firstname.lastname@example.org, they knew my first name, the English was proper, the message made sense, and the link they wanted me to click was legitimate, https://www.facebook.com/login/. I certainly didn’t try to log in to Facebook at 3:24AM using the Firefox browser on Windows 8, because my default browser is Google Chrome on Mac OS X.
Once I visited the login page I was greeted with a dialog telling me that my Facebook account was temporarily locked:
The next dialog asked if I had tried to log in on Facebook from South Korea, so I replied No. The third dialog let me know that my account needed to be kept secure:
They asked me to provide a new password:
New password accepted, so now I’m all set:
The security folks at Facebook automatically noticed that someone was trying to log in to my account from South Korea, which they blocked, and then for added security Facebook locked my account until I could respond to their email request to log in and answer questions about my login history. I feel protected by Facebook and am quite happy to reset my password and continue using Facebook today. I did quickly look at my Facebook feed to double-check that nothing had been posted as me by another person, and found the feed to be all safe. What a happy ending to the story.
Tags: Facebook, security
I’ve used the free Skype app for several years now and it has allowed me to speak with other professionals in San Jose and Tokyo for free by using a computer connected to the Internet. We all set up Skype accounts, then use the app to talk on our computers instead of making expensive overseas telephone calls. Way back in 2011 Microsoft paid some $8.5 Billion to acquire Skype and they pretty much left that company alone to run their business as before, that is until just recently. I received an email update from Skype yesterday telling me that a credit in my account was becoming inactive, so I decided to log in to Skype and keep my credit active.
Microsoft wanted me to log in with my Skype or Microsoft account, and I selected my Skype account. Next, it showed a dialog forcing me to update my password:
The first time that I tried this update password procedure I was confirming my password and the dialog told me that the passwords didn’t match, however it wouldn’t let me go back and update the first password, it would only let me update the confirmed password. Uh, that is a catch-22, I couldn’t proceed because I had a typo in my first password yet I wasn’t allowed to change my first password. The only workaround was to revisit the site at www.skype.com and start all over.
I’m all for security and sometimes prodding web users to update their passwords to something more secure, but when you do that prodding you need to allow a web user to update any field on the form, not keep them stuck on the confirmation password field only.
I would expect a small company to make an annoying user interface mistake like this one, but not a major corporation like Microsoft which should know better about using User Interface best practices that allow a user to change any form field at any time, for any reason.
Tags: Microsoft, security, Skype
In the past three weeks I’ve seen three friends get their online accounts taken over, also called being hacked:
The intention of the hackers is typically one of the following:
How can you protect yourself from being hacked?
Mostly it is a matter of choosing a password that is hard to guess. Security experts suggest the following password guidelines:
It’s a real hassle to get your identity back after an online account has been hacked.
Tags: security