Dumping Shaw email is a pain in the butt

TimRichards

Well-Known Member
Wow, what a pain in the butt! For two days I've been chipping away at old web logins changing my email address over from Shaw to a Gmail and upgrading my passwords using for the most part, whatever Safari suggests.
Just now I got seven emails from EBay getting through that site. Sometimes Safari does not offer to save the new passwords, and in one or two cases I've lost the password because when Safari offers to insert a password, it does not let you select and copy the suggested password. Sometimes it offers to save it right away (after approving the suggested password), but other times it waits until you close the window, which is nerve wracking, and once or twice it didn't offer to save and I wound up with an unknown password.
Through this I've had the window open to Safari passwords which closes itself off unfortunately after a few minutes, but the value there is to note and delete old now-uneeded passwords for various websites.
I'm hoping at the end of this there's a way to concisely print al my new passwords...
And I see I haven't yet changed over my contact info for VMUG hah hah, better fly at 'er...
Anyone got any tips for this process?
 

TimRichards

Well-Known Member
Further to these frustrations, I'll share this email which I have just sent, it should be self explanatory. If there is a technical rationale for this problem I'd love to know it...in short, why do websites which have upgraded their security features fail to inform users of the correct way to proceed?

Good afternoon, and happy Thursday to you.

Today I attempted to login to my 'XXXX' account.
My login credentials were not permitted. A message popped up suggesting I had a problem, that I was the source of the problem, i.e. ‘forgot password?'

Why? because XXXX, like many others, has upgraded the security of its web logins processes.

Why does it say ‘forgot password’ when I have not forgotten anything and what has actually happened is that the XXXX website has upgraded its security and prevented my access?

Why cannot the website message say, ‘Sorry, new security upgrades require that you to set a new password”??

This week I am trying to update numerous old web logins and am finding this unhelpful language on the XXXX site and others.

Why is it unhelpful? Glad you asked!

First, because it is not correct, that someone has forgotten their password. Responding to a login problem with an erroneous statement is just silly.

Second, it is misleading and it sends people in the wrong direction, for example double or triple checking their old email passwords, re-typing their info carefully several times, and wasting time doing something that will no longer work.

Third it is confusing, when someone checks and retries, and checks again and retries the old password, they are not getting further ahead. They are getting justifiably frustrated and digging a hole from which it will take a significant amount of energy to emerge.

Fourth, it fails to provide direction, i.e. the rationale for the need, and then the instruction to fix the problem. All because at the start no simple statement was provided to start them off in the right direction.

‘Sorry, new security upgrades require that members set up a new password”

How hard can this be?

I don’t really see why it has to be this way.

Best regards.
TR

VMLUG members: please consider sharing your similar experiences or tips...shedding some light on this...
 

chas_m

Well-Known Member
Companies have decided that it is not good customer relations to put up a warning like “this password is being blocked because it is available on the Dark Web for purchase” or “you have used a variation of this password on 4,327 other sites, so no you can’t use it here,” so they euphemise behind either ”forgot” or “must reset” password so as not to anger typical users.

The root solution to this problem — and this applies to 100 percent of users, including myself, at least until biometrics/passkeys take over — is to generate a unique password for EACH AND EVERY website you interact with that requires one, and use a password vault (either Keychain or a reputable third-party like 1Password) to manage them, not your memory or a little book (or scraps of paper scattered all over the place).

I agree that companies should be less afraid to use the “security upgrades require a new password” language you’ve suggested, and indeed my bank used almost exactly that phrase when they stopped allowing customers to use the last four digits of their bank account # as their ID (not password, but you get the idea). However, I’ve witnesses firsthand how angry customers get when they can’t use [name of pet + year they got pet] as a near-universal password anymore, and blame the business, not the fact that the password was highly guessable/easily cracked in the first place.

If hackers compromise your password and empty your bank account because your password was “123-ThisIsMe,” the last person most people will ever blame for this is themselves. It will be the bank’s fault, of course, because they allowed you to have that password!

We’ll be talking more about passkeys and universal biometric authentication at next month’s meetings, but it can‘t come too soon for me.

But in the meantime, use auto-generated or self-generated strong passwords and store them in Keychain. For every website you interact with.

(logins for your devices can still be something more memorable to you, since the internet is not involved in that)
 

TimRichards

Well-Known Member
Thanks Chas. I have been member of the board of directors of a Credit Union for 17 years and have heard war stories of people’s accounts being hacked. I have been using the self generated keychain passwords in my recent binge of updating my numerous website account logins, however I was hoping to get a line of comments going about problems and solutions involved in updating passwords In this thread.
For example, I changed some passwords on my laptop yesterday and today my iPad doesn’t know my ICloud password, and is still suggesting the old one from day before. Also, Gmail lost knowledge of the updated password on my iPad, changed yesterday. I realize you and others do this kind of thing, password and account management, professionally and I don’t expect you to write the book here, I’m just encouraging folks to hopefully present problems they have experienced or observed and solutions.
 

chas_m

Well-Known Member
Make sure keychain is syncing across your devices. If everything looks right, turn OFF keychain syncing on the device that hasn’t got the updated passwords, wait a minute, then turn syncing for keychain back ON. That should force an update.
 
Top