Helping people with computers... one answer at a time.
In a desperate move to resolve account access issues, people are frequently trusting people they shouldn't and providing too much private information.
I've been fighting a problem with my email it seems for weeks now. [Further details removed.]
My username is [removed] and my password is 'tires4you'. Can you help?
•
I've removed the details of what is basically a composite question, because this isn't about the question.
It's about what's horribly, horribly wrong with the question.
And it's something that I see so often that it's time that I said something.
And no, it's not that the password is horrifically unsecure (although it is).
•
You gave your account information to a total stranger
You don't know me.
You don't know the people that work for me.
I absolutely believe that I have the highest level of integrity and that I would only have people working for me who are just as honest.
The point is that you don't know that.
For all that you know, I or someone on my staff could be a spammer, a scammer, or worse. We're not, but how do you know?
And yet, you handed over your account information to total strangers you don't know.
It gets worse.
Posting publicly
On the same day that I elected to write this, not only did I get questions that included account credentials, someone else posted their credentials in a comment on one of the other articles here on Ask Leo!
Comments that are visible publicly.
Anyone can see 'em. Anyone!
You might as well write "Steal this account" with that information on a billboard somewhere.
In really large letters.
Protect yourself
People looking for help are often in desperate situations. Losing access to an email account, particularly if it's not been managed well, can have devastating impact.
Don't let your guard down out of desperation.
Please.
Don't share your account password with anyone.†
Definitely don't just offer up your password to random websites or place it in comments in the hopes that someone will help you. You're more likely to make matters worse - much much worse - by doing so.
Change your thinking
To be brutally honest, it doesn't surprise me that the people who give me their passwords unasked are having problems with their accounts. Most often, they've lost access to it and I can see why.
I mean, if they've given it to me, who else have they given it to?
That kind of thinking must change.
If you're giving me your password - if you're giving anyone your password - you aren't thinking about online security properly.
Stop that. 
Treat your password like you would your wallet. (Heck, sometimes when using online banking, your password's almost as good as your wallet!). Keep it in your pocket.
And don't just hand it over to strangers.
Or anyone else, for that matter.
PS: By the way, 'tires4you' is a horrificly unsecure password. A hacker can probably guess that in minutes and a computerized attack would crack it in less than a second.
•
† OK, ok ... there are very rare circumstances when it makes sense to give your password to someone. Let me emphasize rare circumstances. Only then to someone you already know and trust completely, and for a specific purpose and limited time, after which you change your password. When in doubt, don't; just don't. The number of accounts I see lost forever simply because people trusted the wrong person would astound you.
Article C4979 - November 11, 2011
Leo A. Notenboom has been playing with computers since he
was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed.
After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers
to common computer and technical questions. More about Leo.
Give the guy a little credit: he at least included a number in his password!
Folks, I'm going to make this recommendation again:
"Perfect Passwords: Selection, Protection, Authentication" by Mark Burnett ($24.79)
It may be outdated, but it is still very, very relevant!
Posted by: Glenn P. at November 15, 2011 2:01 PMAllied to this subject is the corruption of one's account, e.g., Yahoo! Mail. I think I submitted this recently but our Canadian phishers are using an IDENTICAL sign-in page as that of Yahoo's and I fell for it and I am exceptional in
Posted by: Rob at November 15, 2011 9:39 PMthat I am ALWAYS on my guard. A page saying that my time had expired (on Yahoo Mail) which was followed by the identical page referred to above. So I logged in with username and password. Very soon after (within 3 days) my contact list (address book) was compromised with two emails - one to half of the list with another email to the second half. I was only aware of what had occurred when I saw that Mailer-Damon had tried (unsuccessfully) to send each email separately to each half of the list. Fortunately only three or four got through and my friends asked me what I was up to. I then checked my login history with Yahoo to find that two consecutive sendings from Canada had been authenticated by Yahoo! The two entries were in complete isolation with ALL OTHER SENDINGS both before and after being from Indonesia for a consecutive period of four year! Yahoo's computers did not pick this up but they and most of us know who the offenders are and I feel that these two sendings should have been detected and prevented. One matter of interest - how come Mailer could only successfully send the emails to just 3/4 of my list - what was preventing their sending? To prevent this happening again I have included a sign-in seal to my Yahoo sign-in section (panel).
I was so impressed by one of Leo's previous columns that I do not give my E-mail account password to anyone! Not even my wife (which caused a few hours of coolness between us).
However, the brutal truth, as Leo points out (sometimes his columns are almost Zen-like), is nothing is guaranteed to last forever. Even your wife is your wife only until (hopefully not) she is not your wife anymore. Think about it. In the sad event of a break up, who is the LAST person you would want to have access to all of your confidential info?
Also, I realized that my current password is to0 simple and I will change it. The problem is that the easy to remember passwords are also probably the easiest to crack!
Posted by: James M at November 15, 2011 10:28 PMIm trying to change my password and recover my old facebook account. I forgot my password , please help. My grandson played with my phone and.it was asking for my username and password so I brought my phone to T-mobile and they master set it so I lost my facebook acct.
Posted by: Gwen Chouest at December 19, 2011 9:52 AM@Gwen
Posted by: Mark J at December 19, 2011 3:02 PMHere's an article previously published on Ask Leo on how to recover a Facebook account. Since your phone was reset, the password reset method would be your only option.
How do I recover my Facebook log in password?