CLICK, click, clack. “Wrong password or username.” Agh! Click, clack, clack. “Reset password.” Fume. Clack, clack, click. “Your new password cannot be your old password.” Laptop disappears through window. I mean, how can they say I’ve entered the wrong password when they had it all along?
Password rage is one of the defining conditions of the internet age. One in three of us suffers from it, according to one of those improbable surveys on Buzzfeed. I certainly do. I mean, why do I need a username and password to book a ferry crossing to France? Even when buying a pair of boots online (not something I would recommend because they always turn up the wrong size) you’re asked to open an account with the inevitable password.
Most of us have, I’m told, 27 passwords to remember – but I seem to have far more than that, invariably forgotten. I tried using LastPass and Apple’s Keychain, which is supposed to remember your passwords for you. It generates strings of symbols and letters that would be impossible for anyone to remember. But the problem is that Keychain doesn’t seem to remember them reliably either. As often as not when it autofills the password on an app or a non-Apple website, I still get an error message. Or it won’t autofill at all and then I need to remember the password, which of course I can’t. Biometric identification? Don’t make me laugh.
So what do I do? Well, what everyone else does: I note my passwords, pins and memorable data in a little black book; only, I’d better keep quiet about this because if Ross McEwan, boss of RBS, gets his way, that might preclude me from being able to claim compensation for fraud. “You can’t keep blaming this on an organisation,” he says, “when customers don’t take their own duty of care as well”.
Increasingly, companies are refusing to accept responsibility for frauds that result from phishing expeditions on the internet or from people not taking care to keep their passwords and pins secure. By secure is meant, presumably, kept in your head and not on a post-it note next to the computer screen.
Phishing refers to the increasingly sophisticated email scams whereby people are conned into giving out their passwords and other sensitive information. These scams seem to increase at an alarming rate. Almost daily I get emails allegedly from PayPal or some other reputable business telling me that my account will be de-activated if I don’t enter my login details. It could be from Netflix telling me that my account is on hold because there was a problem with my last payment.
Phishing used to be easy to spot. It was usually a badly-spelled email from some dodgy character in Nigeria offering untold riches if you would just help them transfer frozen funds out of the country. Really, it was your own lookout if you gave them your bank details so that they could give you your cut of the loot. But those days are gone and phishing is much more sophisticated.
Here’s one I received purporting to be from Apple. “We will hold your account for one week from the date of this email. After that date, if your account information is not updated, your account will be terminated and you will not be able to use it. To unlock your account, please sign in and follow instructions.”
I suppose most savvy people would understand that this is crooked. We are always told that we will never be asked for account details over email. But it looked genuine to me; all the logos were correct. The address is supposed to be the giveaway, but often it comes from plausible accounts such as Support.Paypal. Or there are phoney “no-reply” addresses that are also used by legitimate firms.
I have fallen for at least one of these scams. It was an email message from the former editor of the Sunday Herald, and it asked me to access a drop box. I replied that I never open these attachments and could he tell me what it was about. He said it was something that couldn’t be discussed in an open email or on the phone and that I needed to open the drop box. I did, giving away my Apple ID in the process. My editor’s email account had been hacked. This was my first experience of what is called “spear phishing”, where the scammers can actually conduct a conversation with their marks.
Of course, we all have to be vigilant and responsible but the scams are getting so clever that anyone could fall victim. But increasingly firms are reluctant to accept any responsibility. I always refer these scams to Apple, Netflix, Chase Manhattan, PayPal or whomever they allegedly come from. But I have never found any of the companies volunteering this information to users. Surely, as soon as they are aware of a scam, they should notify their customers but they don’t.
Indeed, I’m somewhat amazed that a mega-tech firm like Apple lacks the means to track down the IP addresses of the scammers. These are all-seeing, all-knowing organisations that harvest our personal information and use it for commercial purposes. They are very good at tracking our movements on the internet without us knowing about it. But they seem remarkably tardy in tracking down phishing expeditions.
The UK Government’s new data protection bill is in many ways admirable. It gives users the right to know what information is being kept about them and a right to have embarrassing teenage posts on Facebook “forgotten”. But it doesn’t address the other end of the privacy relationship and the responsibility of internet firms like PayPal to help guard the privacy of their users’ accounts. We need some form of once-only secure identification. Password proliferation is destroying internet security.
It is understandable that these companies don’t want to admit just how much personal information is stolen by phishing. Estimates of losses are unreliable but run into hundreds of millions of pounds. But I fear they are cutting their own throats commercially by keeping shtum. I’ve stopped using my PayPal account because I don’t trust the name any more.