There’s this story about guy who spent $30 on gasoline yet was charged over $84,000 on his credit card. And there are conflicting stories from the gas station and the credit card company as to whether the gas station was paid; the credit card company says yes, and that they need to return the money; the gas station says no, it wasn’t. It’s unclear how this debacle began. Regardless, this guy is majorly jammed up. His paycheck gets deposited automatically into his bank, but he can’t access the money, because the amount was applied towards the $84,000 he “owes.”
This reminds me why sometimes I feel like putting my money under my mattress. Instead, I have a number of bills automatically withdrawn from my checking account, optimally correctly. It seems to me that when something as much of an outlier as a high five-digit purchase that is not the norm would have generated a call to the cardholder. I have in fact gotten such calls; sometimes, it is a legitimate purchase I made while out of time, but occasionally, it was a fraudulent transaction.
Speaking of fraud, I got no fewer than three notices Friday, the 13th, plus another the next day, from Amazon, Twitter, and Yahoo1, and LinkedIn. The Amazon e-mail is fairly representative:
“At Amazon we take your security and privacy very seriously. As part of our routine monitoring, we discovered a list of email address and password sets posted online. While the list was not Amazon-related, we know that many customers reuse their passwords on several websites. We believe your email address and password set was on that list. So we have taken the precaution of resetting your Amazon.com password. We apologize for any inconvenience this has caused but felt that it was necessary to help protect you and your Amazon account.”
What a pain. I have had trouble with keeping track of passwords since forever. At work, I have to change my password every seven weeks. Obviously, I know all the “do nots” of password use. But apparently, some folks in an organization I’m affiliated with do not, because I got this e-mail, coincidentally also last Friday:
“There seems to be some confusion about the reason for password protection on a computer.
“I understand a password to secure the computer from unauthorized use. This would include, for example, unauthorized access to our database. Such access could be t make changes, or gather personal information about our members.
“Thus, writing the password on a piece of paper and displaying it clearly near the keyboard, even if under another piece of paper, would seem to be contrary to the reason for a password.”
Of course, the letter writer is correct. But I have no fewer than two dozen user/password combinations, and I’ve been locked out of databases for excessive tries. So using the same combo or writing the combos down seem, in the moment, to be attractive options. At least until something goes wrong.
Oh, and I just got an e-msil from eBay, which I hardly use:
Your eBay account has been temporarily locked because it looks like someone used it without your permission. Your email address may have also been tampered with so you might not have received any emails about the unauthorized transactions.
We went ahead and canceled those unauthorized transactions and credited the associated fees. We assure you that your credit card information has not been stolen because it’s on a secure computer that can’t be accessed by anyone.
Yikes. Pain in the a$$ – big hugs for it. With Ebay, is it at all possible that you left it logged in on another computer?
Also… I sincerely doubt that Amazon et al. is worried about the “real you.” Have you considered if they problem is your name? (How else would they associate all those email addresses to you?) Roger Green / Roger Owen Green is really, really common. I’m lucky because my legal name is really, really rare, and that’s the one on my Amazon account, credit cards, etc.
The best and most interesting tip in the passwords tips you list I first learned in XKCD. However, tragically, while that works for email accounts like Google, websites that like to verify the difficulty of your password won’t let you use something like donkeykongyetibreath and insist on things that look like cusses in old comics ($%@&durnit!).