Jagboi

I keep a handwritten sheet of paper in my desk at home with all the passwords written down. I figure my house is much less likely to be broken into than computer traffic being intercepted, and my handwriting is a second layer of security! That, plus it would take someone quite a while to actually find that single sheet of paper in my desk!

T8191

Jagboi, I use the same system, with the relevant document filed in an irrelevant location But having dragged it out yesterday, I find I have been dreadfully remiss in keeping it up to date! Indeed, it needs dozens more sites/passwords adding!!

I tend to rely on my Mac remembering passwords for me, so at least that one-click arrangement hopefully defeats key-trackers.

erik123

A variation of this email is sent to millions. They may have an old password but they can't do anything with it. They are only hoping for a small % of suckers to make the payment. Best advice is to completely ignore.

Jagboi

I always keep the paper up to date, as I never know when a crash will take down the stored passwords locking me out. Probably a belt and braces approach, but it gives me comfort.

T8191

The Apple Time Capsule gives me confidence to be able to restore everything to a blank Mac. Took a few hours the last time I bought a new one, though!

LCY8737

chistery

I use Dashlane for my passwords, seems ok.

Oh, and 50 million facebook accounts now compromised. It is happening everywhere.

T8191

My only interface with LinkedIn was in the guise of a charity Bear with his own .gmail address .... Good luck with blackmailing Teddy .

LCY8737

Pascoe

"Dear Mr T8191, we have caught you on webcam looking at 'bear_necessities.com/bear_ladies'...... please send bitcoins now or we will expose you as a bad, bad bear........."

MadnessOfCrowds

Yes, this is the problem.
This type of scam has been around for ages but, if like me, you have unique passwords for each site, you can tell which site they got the info from.
imho, BA are not remotely taking this seriously enough.
Even the stress and worry of getting an email like that is serious.
BA also appear to place zero value on the imposition of time to fix things.
Frankly, they're out of date on customer experience.

WorldLux

Good IT costs money, money that could be (and currently is being) spent on one or two major IT problems per year.

"Sorry, I only have bearcoins"

Globaliser

Are you serious? 50 million? BA's IT penny--pinching has so much more to answer for than what we knew before!

T8191

That side of the Charity, Holidays4Heroes has closed down, as The Bears travels really didn’t justify the effort involved in terms of donations. But their adventures are still there on the website under “News and Updates”, and highlighted on “The Bears/Travel Map.”

ExAbz

Off-topic from the OP, but a caution for all those using and\or recommending LastPass or similar that automate almost all password management functions that there have been a number of security issues where the password manager, usually via browser extensions, can be persuaded to give up passwords when a malicious site has been visited. See the LastPass security incidents listed on WikiPedia: https://en.wikipedia.org/wiki/LastPass#Security_issues for more info.

While I do highly recommend using a Password Manager, I'm very wary of any that store the passwords on their site, however they may be encrypted, and also any tools or browser extensions that automate the entering of passwords into websites without my express manual intervention.

Personally I use PasswordSafe, and replicate the (encrypted) database via Google Drive. I do accept that there is some risk using the system clipboard to transfer a password from the application into a browser (potentially any application could read the clipboard), but closing the password database does clear the clipboard.