Does "Please Reset Your Password" mean "We Were Hacked"?
Aug 5, 2014, 9:32 am
#1
Original Poster
Join Date: Nov 1999
Programs: UA, DL, AA, Sutherlands Lumber
Posts: 7,359
Does "Please Reset Your Password" mean "We Were Hacked"?
There's been a slew of hackings. Next thing I notice, that in order to "enhance security", sites want me to reset my password.
Gets me wondering about previous requests for password change. One was my credit union. Does this mean they were hacked, don't have to report, and doing the predictable spin?
Gets me wondering about previous requests for password change. One was my credit union. Does this mean they were hacked, don't have to report, and doing the predictable spin?
Aug 5, 2014, 4:07 pm
#6
FlyerTalk Evangelist
Join Date: May 2002
Location: Pittsburgh
Programs: MR/SPG LT Titanium, AA LT PLT, UA SLV, Avis PreferredPlus
Posts: 31,008
It could also just be a proactive "wow, hacker capabilities are getting better, maybe we had better strengthen our password requiremetns and ask everyone to reset/meet them" measure.
I've had a few that added new "upper/lower/special/numeric" combinations for passwords, and require everyone to renew, whether or not they already meet the new standards.
Aug 6, 2014, 8:23 am
#9
Join Date: Aug 2010
Location: LGA - JFK
Programs: UA, AA, DL, B6, CX, KE, Latitude, VIFP, Crown & Anchor, etc.
Posts: 2,589
Worried after hearing/learning about that 1.2 billion stolen/exposed passwords & userid associated with the Russians?
It's best practices to use 2-steps verification and/or a strong password system - and, update/manage your notification/alert info to reset and security/challenge questions. Many upgraded systems are deploying more advanced ip-based systems to invoke additional security counter-measures when potential intrusions exist.
It's best practices to use 2-steps verification and/or a strong password system - and, update/manage your notification/alert info to reset and security/challenge questions. Many upgraded systems are deploying more advanced ip-based systems to invoke additional security counter-measures when potential intrusions exist.
Aug 6, 2014, 8:54 am
#10
Join Date: Aug 2006
Location: San Jose CA
Posts: 1,100
"I, for one, welcome our new Russian hacker overlords" (Twitter). For anyone interested, here's the NY Times article on the Russian password theft. This is why it's time to change your password.
Last edited by boberonicus; Aug 6, 2014 at 9:23 am
Aug 7, 2014, 6:28 am
#11
Join Date: Jun 2014
Posts: 960
If you need to use someone computer, it was just looking under the keyboard - almost everybody had a paper glued there with the current password - after a couple of changes, probably nobody was able to remember their last one...
Aug 7, 2014, 10:19 am
#12
Join Date: Aug 2010
Location: LGA - JFK
Programs: UA, AA, DL, B6, CX, KE, Latitude, VIFP, Crown & Anchor, etc.
Posts: 2,589
Our office system enforce a 90 days policy on changing password to comply with HIPAA security precaution for data privacy and the same pw cannot be re-used until the 7th rotation, with a reminder 10+ days before expiration. And, surely cyber intruder(s) cannot physically look under the mouse pad for the sticky note used by many 
and it's easier if you know their assigned & unique userid scheme (insider's breach.)
Some financial sites would disable the userid/pw combo after a period of inactivity, 6 months to a year+ and require new user registration.
and it's easier if you know their assigned & unique userid scheme (insider's breach.) Some financial sites would disable the userid/pw combo after a period of inactivity, 6 months to a year+ and require new user registration.