And so it begins — blackmail attempt following BA data theft
#91
Join Date: Feb 2009
Location: YYC
Programs: BA bronze, Aeroplan peon
Posts: 4,746
I keep a handwritten sheet of paper in my desk at home with all the passwords written down. I figure my house is much less likely to be broken into than computer traffic being intercepted, and my handwriting is a second layer of security! That, plus it would take someone quite a while to actually find that single sheet of paper in my desk!
#92
FlyerTalk Evangelist
Join Date: Mar 2010
Location: JER
Programs: BA Gold/OWE, several MUCCI, and assorted Pensions!
Posts: 32,145
Jagboi, I use the same system, with the relevant document filed in an irrelevant location But having dragged it out yesterday, I find I have been dreadfully remiss in keeping it up to date! Indeed, it needs dozens more sites/passwords adding!!
I tend to rely on my Mac remembering passwords for me, so at least that one-click arrangement hopefully defeats key-trackers.
I tend to rely on my Mac remembering passwords for me, so at least that one-click arrangement hopefully defeats key-trackers.
#94
Join Date: Feb 2009
Location: YYC
Programs: BA bronze, Aeroplan peon
Posts: 4,746
I always keep the paper up to date, as I never know when a crash will take down the stored passwords locking me out. Probably a belt and braces approach, but it gives me comfort.
#95
FlyerTalk Evangelist
Join Date: Mar 2010
Location: JER
Programs: BA Gold/OWE, several MUCCI, and assorted Pensions!
Posts: 32,145
The Apple Time Capsule gives me confidence to be able to restore everything to a blank Mac. Took a few hours the last time I bought a new one, though!
#96
Join Date: Nov 2004
Programs: BA GGL, LH FTL
Posts: 3,578
Thank you for this thread!
I just checked my spam folder and have received several sextortion emails for old passwords. LinkedIn and MySpace seem to be most popular.
Great fun. I feel temptation to respond and haggle them down a bit.
I just checked my spam folder and have received several sextortion emails for old passwords. LinkedIn and MySpace seem to be most popular.
Great fun. I feel temptation to respond and haggle them down a bit.
#99
Join Date: Nov 2004
Programs: BA GGL, LH FTL
Posts: 3,578
#100
Join Date: Jun 2010
Location: London
Programs: Mucci Blue, BAEC Gold, Blockbuster Video card
Posts: 1,378
"Dear Mr T8191, we have caught you on webcam looking at 'bear_necessities.com/bear_ladies'...... please send bitcoins now or we will expose you as a bad, bad bear........."
#101
Join Date: Dec 2009
Location: under the flight path near Windsor
Posts: 108
Yes, this is the problem.
This type of scam has been around for ages but, if like me, you have unique passwords for each site, you can tell which site they got the info from.
imho, BA are not remotely taking this seriously enough.
Even the stress and worry of getting an email like that is serious.
BA also appear to place zero value on the imposition of time to fix things.
Frankly, they're out of date on customer experience.
This type of scam has been around for ages but, if like me, you have unique passwords for each site, you can tell which site they got the info from.
imho, BA are not remotely taking this seriously enough.
Even the stress and worry of getting an email like that is serious.
BA also appear to place zero value on the imposition of time to fix things.
Frankly, they're out of date on customer experience.
#102
Join Date: Sep 2015
Programs: LH SEN; BA Gold
Posts: 8,405
"Sorry, I only have bearcoins"
#103
FlyerTalk Evangelist
Join Date: Aug 2002
Location: London
Programs: Mucci. Nothing else matters.
Posts: 38,644
#104
FlyerTalk Evangelist
Join Date: Mar 2010
Location: JER
Programs: BA Gold/OWE, several MUCCI, and assorted Pensions!
Posts: 32,145
#105
Join Date: Mar 2018
Programs: BAEC Silver, IHG Ambassador
Posts: 168
Off-topic from the OP, but a caution for all those using and\or recommending LastPass or similar that automate almost all password management functions that there have been a number of security issues where the password manager, usually via browser extensions, can be persuaded to give up passwords when a malicious site has been visited. See the LastPass security incidents listed on WikiPedia: https://en.wikipedia.org/wiki/LastPass#Security_issues for more info.
While I do highly recommend using a Password Manager, I'm very wary of any that store the passwords on their site, however they may be encrypted, and also any tools or browser extensions that automate the entering of passwords into websites without my express manual intervention.
Personally I use PasswordSafe, and replicate the (encrypted) database via Google Drive. I do accept that there is some risk using the system clipboard to transfer a password from the application into a browser (potentially any application could read the clipboard), but closing the password database does clear the clipboard.
While I do highly recommend using a Password Manager, I'm very wary of any that store the passwords on their site, however they may be encrypted, and also any tools or browser extensions that automate the entering of passwords into websites without my express manual intervention.
Personally I use PasswordSafe, and replicate the (encrypted) database via Google Drive. I do accept that there is some risk using the system clipboard to transfer a password from the application into a browser (potentially any application could read the clipboard), but closing the password database does clear the clipboard.