Helping people with computers... one answer at a time.

In a desperate move to resolve account access issues, people are frequently trusting people they shouldn't and providing too much private information.

I've been fighting a problem with my email it seems for weeks now. [Further details removed.]

My username is [removed] and my password is 'tires4you'. Can you help?

I've removed the details of what is basically a composite question, because this isn't about the question.

It's about what's horribly, horribly wrong with the question.

And it's something that I see so often that it's time that I said something.

And no, it's not that the password is horrifically unsecure (although it is).

You gave your account information to a total stranger

You don't know me.

“Treat your password like you would your wallet.”

You don't know the people that work for me.

I absolutely believe that I have the highest level of integrity and that I would only have people working for me who are just as honest.

The point is that you don't know that.

For all that you know, I or someone on my staff could be a spammer, a scammer, or worse. We're not, but how do you know?

And yet, you handed over your account information to total strangers you don't know.

It gets worse.

Posting publicly

My password is ... !!!

On the same day that I elected to write this, not only did I get questions that included account credentials, someone else posted their credentials in a comment on one of the other articles here on Ask Leo!

Comments that are visible publicly.

Anyone can see 'em. Anyone!

You might as well write "Steal this account" with that information on a billboard somewhere.

In really large letters.

Protect yourself

People looking for help are often in desperate situations. Losing access to an email account, particularly if it's not been managed well, can have devastating impact.

Don't let your guard down out of desperation.

Please.

Don't share your account password with anyone.

Definitely don't just offer up your password to random websites or place it in comments in the hopes that someone will help you. You're more likely to make matters worse - much much worse - by doing so.

Change your thinking

To be brutally honest, it doesn't surprise me that the people who give me their passwords unasked are having problems with their accounts. Most often, they've lost access to it and I can see why.

I mean, if they've given it to me, who else have they given it to?

That kind of thinking must change.

If you're giving me your password - if you're giving anyone your password - you aren't thinking about online security properly.

Stop that. Smile

Treat your password like you would your wallet. (Heck, sometimes when using online banking, your password's almost as good as your wallet!). Keep it in your pocket.

And don't just hand it over to strangers.

Or anyone else, for that matter.

PS: By the way, 'tires4you' is a horrificly unsecure password. A hacker can probably guess that in minutes and a computerized attack would crack it in less than a second.

† OK, ok ... there are very rare circumstances when it makes sense to give your password to someone. Let me emphasize rare circumstances. Only then to someone you already know and trust completely, and for a specific purpose and limited time, after which you change your password. When in doubt, don't; just don't. The number of accounts I see lost forever simply because people trusted the wrong person would astound you.

Article C4979 - November 11, 2011 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

13 Comments
Billy Bob
November 11, 2011 6:01 PM

But Leo I trust you so so so much! And by the way here is my SSN and my DOB and my mother's maiden name. Oh yeah and one more thing-- will you babysit my one-year-old this weekend? You're the greatest!

Jeffrey
November 13, 2011 2:35 PM

the only person who MIGHT have access to my passwords is my wife. And I intend to keep it that way. I do think that this article is slightly incomplete in that you don't link to previous articles on how to prepare for emergencies that are real. Just like life insurance, there are ways to prepare, that I think should be "You may also be interested in:" of this article

Andrew Keir
November 15, 2011 10:25 AM

and yet - older readers will understand that some arrangement has to be made for executors. I have a list of passwords, account details, etc in a safe place (no I'm not saying where) and the same lawyers who wrote my will have a 'to be opened in the event of my death' letter saying where the family should go to get access to my money. That letter won't be handed over without seeing my death certificate. Otherwise, how on earth will my kids access - or even know about - the various online accounts I have? I trust the lawyer - especially as they don't know what's in the letter.
If everyone is too cautious about online banking there's going to be a whole lot of unclaimed money in a decade or two...

A very important consideration indeed. I have this article on the topic: What happens when I die?
Leo
15-Nov-2011
Tony
November 15, 2011 10:30 AM

Oh dear! I could not agree with you more Leo!!
This kind of stupidity has been going on FOREVER!!
I hate to admit my age but I programmed my first computer in 1948 and there were supposed to be userids and passwords on those ancient machines! But you could wander around the office of the highly secure government agency I worked for and password were pasted onto keyboards or on the back of punched cards and paper tape (which were the common input media) and stuck on the wall! In fact it was not necessary to remember any of them!
And over the years... I have watched it change NOT one jot!
I run a support service for Golden Oldies and they happily send me every account number and name even though I do not need them!! One quite compos mentis elderly lady even sent me her bank details so I could 'take my fee from her account'!
In the end and in this society you cannot protect people from their own inadequacy and stupidity!
But then one can go TOO far! One City of London corporation I did some work for many years ago, automatically changed everyone's id and passwrord EVERY day!! It was HELL!
Interestingly we came up with a seemingly foolproof system that worked very well but contractual privacy restricts my ability to tell you more! :=))
Tony

JK
November 15, 2011 10:32 AM

Hi Leo, This article about user names and passwords prompted me to write. I have been EXTREMELY careful and never wrote my password ANYWHERE, although my user name has gone everywhere. My hotmail account has been corrupted. Spam or Scam emails often go out allegedly from ME to some or ALL in my address book. These emails have links which I believe no one has opened but of course I am not absolutely sure. My friends, family and business contacts are starting to get upset and I don't blame them. :( I started by printing out and then and deleting ALL of my contacts, then changing my password and writing to hotmail. Hotmail said they could only open me a brand new account which I was trying to avoid. Everything was fine for awhile then it started up again. I then changed to using the hotmail account through Thunderbird and all was fine for many months. There are still no contacts in the actual hotmail account but there are some now in Thunderbird and it happened again to a partial list of my Thunderbird contacts. I have so much associated with this account, that I have had since 2002, that I am reluctant to dump it although that seems to be the only solution. Any suggestions will be appreciated.

Randall
November 15, 2011 10:33 AM

This is slightly off topic, but, related. Occasionally I subscribe to some site or online reseller, and, they send me an E-Mail which includes the password I entered when I signed up. This clearly means that almost anyone in their organisation could now be in possession of one of the passwords I use from time to time, and, anyone who intercepts the E-M would have my password for that site (almost certainly without me being aware). The organisations often seem otherwise quite professional, so, it astonishes me when it happens. Is there a way to mitigate against this problem?

Mark J
November 15, 2011 10:54 AM

@JK
This article might help:
Someone's ending email that_looks like it's from me to my contacts. What can I do?

Mark J
November 15, 2011 11:00 AM

@Randal
You could try a different password for each login.
Why is it important to have different passwords on different accounts?

Glenn P.
November 15, 2011 2:01 PM

Give the guy a little  credit: he at least included a number  in his password!

Folks, I'm going to make this recommendation again:

"Perfect Passwords: Selection, Protection, Authentication" by Mark Burnett ($24.79)

It may be outdated, but it is still very, very  relevant!

Rob
November 15, 2011 9:39 PM

Allied to this subject is the corruption of one's account, e.g., Yahoo! Mail. I think I submitted this recently but our Canadian phishers are using an IDENTICAL sign-in page as that of Yahoo's and I fell for it and I am exceptional in
that I am ALWAYS on my guard. A page saying that my time had expired (on Yahoo Mail) which was followed by the identical page referred to above. So I logged in with username and password. Very soon after (within 3 days) my contact list (address book) was compromised with two emails - one to half of the list with another email to the second half. I was only aware of what had occurred when I saw that Mailer-Damon had tried (unsuccessfully) to send each email separately to each half of the list. Fortunately only three or four got through and my friends asked me what I was up to. I then checked my login history with Yahoo to find that two consecutive sendings from Canada had been authenticated by Yahoo! The two entries were in complete isolation with ALL OTHER SENDINGS both before and after being from Indonesia for a consecutive period of four year! Yahoo's computers did not pick this up but they and most of us know who the offenders are and I feel that these two sendings should have been detected and prevented. One matter of interest - how come Mailer could only successfully send the emails to just 3/4 of my list - what was preventing their sending? To prevent this happening again I have included a sign-in seal to my Yahoo sign-in section (panel).

James M
November 15, 2011 10:28 PM

I was so impressed by one of Leo's previous columns that I do not give my E-mail account password to anyone! Not even my wife (which caused a few hours of coolness between us).

However, the brutal truth, as Leo points out (sometimes his columns are almost Zen-like), is nothing is guaranteed to last forever. Even your wife is your wife only until (hopefully not) she is not your wife anymore. Think about it. In the sad event of a break up, who is the LAST person you would want to have access to all of your confidential info?

Also, I realized that my current password is to0 simple and I will change it. The problem is that the easy to remember passwords are also probably the easiest to crack!

Gwen Chouest
December 19, 2011 9:52 AM

Im trying to change my password and recover my old facebook account. I forgot my password , please help. My grandson played with my phone and.it was asking for my username and password so I brought my phone to T-mobile and they master set it so I lost my facebook acct.

Mark J
December 19, 2011 3:02 PM

@Gwen
Here's an article previously published on Ask Leo on how to recover a Facebook account. Since your phone was reset, the password reset method would be your only option.
How do I recover my Facebook log in password?

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.