Tag: Passwords

Friendly reminder to change your passwords.

The battle between E-MAIL & ACCOUNT ID & USER NAME

What’s the difference? Are they the same? How do I know which to use when?

As my mom signs up for Echo apps, she is constantly getting tangled in the web of when to  an email and when to use (any numerous) account ids.Sorry mom there is no simple answer.

E-MAIL – for this blog post we are going to assume an email belongs to only one person.

  • E-mail addresses are unique – like a phone number  or physical address there is only one destination per address.
  • E-mail address are NOT case sensitive (PASSWORDS are CASE sensitive.)
  • E-mails always have 3 parts; username, domain (followed by an actual dot) and the extension. There are more rules to what can be included in a e-mail address and what the computer will not except. Usually your e-mail host provider will send you an email back to your inbox if your e-mail could not be delivered due to technological error. example using a bad character in your email address like a space.
  • Some e-mails are anonymous. The person who created the email did not have to prove they were JOHN smith to use the email address johnsmith@domain.com. Nor did they have to prove they were ablueclown@surprise.com.
  • You could have lots of e-mail addresses and use only one e-mail program to read all your new e-mails.
  • There is no magic look up find all email addresses’ belonging to the same person. Even if the personalization (front part of the @ symbol) is the exact same. In the same manner, there is no validation or look up to connect or join email with mobile numbers.

ACCOUNT/USER + ID/NAME (or any combination)

  • An Account ID, is an unique id for a webpage, business, app. You may use the same account/user name across multiple applications or logins. But each business probably doesn’t know that. As companies merged rules around how a customer can access their digital information gets tricky for the customer experience and development teams.
  • Or account id, may or may not be tied to an email. Usually when creating a new account with a new business, they will ask for contact details, address, email, phone – they would prefer someway to contact you if need be.
  • If your account id is your email address – they will usually note it on the login screen.
  • Every website/company creates their own rules for what makes an valid account id. Some allow spaces, some allow numbers. It is all how the site was programmed and there are no set standards for how this should be developed.
  • Usually account ids are not case sensitive. Off-hand I can’t think of one site that uses a case sensitive account id.
  • Some businesses will only let you sign up one account to one email. The account id is how you login into their site and the email is how they will contact you.
  • When you change email addresses, your accounts will need to be updated. Now this is a tricky bit. If a business uses an email account as the login name, if the email address changes, can the individual update their personal details or is the original email locked-in?

When a developer is creating a new system that requires the user to maintain personal and contact details on file, there are multiple facets to consider. Does it require a password? Will it require the user to have an email or phone number to contact them in the future and for what reasonsCan we collect permissions from the user via Terms and Conditions to use cookies and contacts to gather detailed user information?

I’ve come across many website that validate you are you, by sending a text with a code to your phone, to be entered onto the website This provides a double validation/security point for you the user, and provides both your email and phone contact information back to the business.

Think of your EMAIL ADDRESS as physical delivery address for just you for all your incoming e-mails.

Think of you ACCOUNT ID as your unique nickname used by a business.

Not all big companies have it together. I use AT&T in my house; this includes mobile phone, cable, internet and home security. But I have 3 separate accounts with AT&T today. One email address, one physical address, one phone number and 3 account numbers and 3 user names. I have to log into each account site separately to see any billings, account statements, etc. Even with my knowledge of logins and how they work across large systems, I still had no idea what was going on with my accounts, when one was saying ‘everything is fine’ online and the TV keep splashing a ‘time to pay your bill message’. I (thought) I had set up the auto pay (I noticed during the set up conversations that the security system is separated from all the mobile and cable logins) for 2 accounts. But much to my dismay the cable/tv can not be combined with the mobile account, and I have 2 logins for the website to manage 2 accounts both in my name.

NOTE: AT&T and Comcast both assign you an e-mail address within their own domain. example: yourname@att.com. I’m not sure why they do this, it made it complicated on my end, one more e-mail address to manage. And it appears that now that I’m no longer a Comcast customer, I can not access that e-mail account.

ALSO NOTE: The set up of certain apps on Echo has proved to be difficult. Both my mom and myself are using iPad and iPhone with the Amazon Echo (which is integrated with google). So the conversation of email and ids has been a struggle during setup. There are no standards with in the digital world for the user to understand. Only standards for the developers to keep in mind due to back end processes.

Identity theft

password

With the use of digital data – we expose ourselves to digital identity theft. And it is not just your financial information. Through a  couple of (fairly) easy questions a hacker can access your email. And it not just your email they now have access too, think off how often you have had to retrieve your security password for an account and they sent the link to your email. A password can be just as valuable as a financial account number to a hacker.

HOW MANY TIMES HAS YOUR DIGITAL DATA BEEN EXPOSED?

My corporate credit card number was stolen this week. All is okay, it was a card that only gets used for business expenses and the credit company is issuing me a new number and dealing with the fraudulent charges themselves. Somehow the thief was able to create a new card using my card number. Not total sure how that works, but it happened. That kind of vulnerability got me thinking, time to beef up my own security…

  1. Change your passwords. If you have been using the same passwords for ‘years’ it is time to upgrade. When you are creating your password think bank security – strong and unique.

There are password managers out there. Some store your passwords in a digital safe. Some help you manage your logins across devices.

LEARN ABOUT TWO FACTOR AUTHENTICATION

2. Monitor your accounts online and off line. Be sure to monitor your account statements. Set up text messaging alerts for high risk accounts.

I personally purchase identify theft monitoring systems. I’ve had my house broken into and my personal laptop stolen. Although the computer itself was password protected. I’m sure if you looked hard enough I had one time downloaded a financial statement of two, and my emails accounts were ‘always’ logged-in.’ I get a monthly updated on an activity that uses my identity, such as credit reports.

ON AN ODD NOTE: A friend of mines knows the passwords to her son’s accounts (he is over 21 and graduating from college this spring). I’m guessing he doesn’t know he is being stalked by his own mother. She has access to his Facebook account, both school and personal emails and uses Apple’s Track My iPhone app regularly to know where he is at all times.

It is probably never safe to allow your device to safe your password or auto login. But I have to admit I do it, who has time to re-enter this information every day. If your device is lost/stolen it only takes accessing the device to enter/access private sites.

So take a couple of minutes this week to reconsider how you create and save your password and account information. And then create your password strategy:

  1. Create a couple of different passwords to use.
  2. Use two factor authentication when available.
  3. Update your contact details on old accounts.
  4. Delete old accounts not being used.
  5. Spend some time looking at security applications provided by the products you use today.

Yahoo has a process to create an app password that enables a Second Sign-In Verification. Apple has iCloud Keychain. And there are numerous free apps that provide password management tools.

Now go and create a digitally secure world for yourself.