A plague on passwords: VICTORIA BISCHOFF puts her faith in her phone as she upgrades her online security
An alarming alert popped up on my smartphone last week. ‘This password has appeared in a data leak, which puts your account at high risk of compromise,’ it read, urging me to change it ‘immediately’.
Panicked, I soon discovered an iPhone feature called ‘passwords’ I’d not noticed before.
After selecting ‘security recommendations’, I then learned that not one, but 98(!) security risks had been found by Apple.
From banking apps to subscription services, there seemed to be a warning next to almost every online account I’ve ever set up.
Of these, 76 were ‘high priority’. More than 60 had apparently appeared in data leaks. Others were highlighted because the same password had been reused, which is risky if those other accounts are compromised.
Some were flagged because the password could be ‘easily guessed’ or was used by ‘many’ other people. What a mess! Remembering passwords is already the bane of my life. Every business demands something different.
Some want you to include a mix of numbers, or a capital letter or ‘special character’ such as a question mark. So I am constantly having to reset the blasted things because I can’t remember what combination I’ve used and many won’t let me reuse one I’ve inputted before.
In the past I’ve resisted so-called password managers that store all your secret words in one place, as I didn’t know enough about them.
Eventually — after being locked out of yet another account — I allowed my phone to start saving my details instead. It means that after a quick facial recognition security check, my passwords are inputted automatically. Bliss.
Little did I know that behind the scenes Apple was also investigating how safe they were. In its small print, it states: ‘This feature uses strong cryptographic techniques to regularly check derivations of your passwords against a list of leaked passwords.’
Which simply means you’ll get an alert if Apple thinks your account details have been compromised. And crucially, because everything is encrypted, it does this without actually viewing the information.
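A simplified sketch of how such a check can work, added here as an example (it is not Apple's code, and the column does not describe Apple's actual protocol): the device sends only a short prefix of a hash of each password and does the full comparison locally, then sorts accounts into the three warning types mentioned above. The SHA-256 derivation, the five-character prefix, the `LeakService` stand-in, the guessability rule and the sample accounts are all assumptions made for illustration.

```python
import hashlib
from collections import Counter, defaultdict

PREFIX_LEN = 5  # hex chars of the derivation shown to the service (assumption)

def derive(password):
    # The "derivation": a SHA-256 digest of the password, as hex.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

class LeakService:
    # Stand-in for the remote side; it stores derivations of leaked passwords.
    def __init__(self, leaked_passwords):
        self.buckets, self.queries = defaultdict(set), []
        for d in map(derive, leaked_passwords):
            self.buckets[d[:PREFIX_LEN]].add(d[PREFIX_LEN:])

    def lookup(self, prefix):
        self.queries.append(prefix)  # the only thing the service ever sees
        return self.buckets.get(prefix, set())

def is_leaked(password, service):
    d = derive(password)
    # The full comparison happens locally, on the device.
    return d[PREFIX_LEN:] in service.lookup(d[:PREFIX_LEN])

def looks_guessable(password):
    # Crude local heuristic (assumption): short, or letters only, or digits only.
    return len(password) < 10 or password.isalpha() or password.isdigit()

def audit(accounts, service):
    # Returns {site: [reasons]} using the three warning types from the column.
    reuse = Counter(accounts.values())
    report = {}
    for site, pw in accounts.items():
        checks = [(is_leaked(pw, service), "appeared in a data leak"),
                  (reuse[pw] > 1, "reused"),
                  (looks_guessable(pw), "easily guessed")]
        reasons = [label for hit, label in checks if hit]
        if reasons:
            report[site] = reasons
    return report

# Constructed sample data, not real credentials or a real leak list.
SERVICE = LeakService(["sunshine1", "Summer2019!", "qwertyuiop"])
ACCOUNTS = {"bank.example": "Summer2019!", "shop.example": "Summer2019!",
            "news.example": "sunshine1", "mail.example": "tram-Violet-kettle-09"}

if __name__ == "__main__":
    for site, reasons in audit(ACCOUNTS, SERVICE).items():
        print(site, "->", ", ".join(reasons))
```

In this sketch the service's query log holds nothing but five-character prefixes, so it never receives a password or a complete hash.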
You can disable the feature by going into ‘settings’, selecting ‘passwords’ and then ‘security recommendations’. But in an age where fraudsters are getting more sophisticated by the day, this service strikes me as quite useful.
Some websites are also now offering to generate passwords for you — usually a complex, random selection of numbers and letters. They will be impossible to remember, but if saved on your phone, perhaps this isn’t a problem. Although I prefer phrases I at least have a chance of committing to memory.
In the meantime — and with the help of our guide — I’ve got a busy week ahead changing the passwords on 98 different accounts. Wish me luck.
Stung by exit fees
Are broadband firms just allowed to do whatever they fancy now?
As our consumer champion Sally Hamilton reveals on page 41, one BT customer was hit with a £1,004 penalty for cancelling their contract early after a difficult relationship break-up.
Ignoring the lack of humanity in this case, it beggars belief that telecoms giants are allowed to charge exit fees of this size — particularly since they have no problem hiking prices mid-way through our contracts.
May I politely suggest watchdog Ofcom wakes up.
I was intrigued to see a poster in a NatWest branch that says: ‘Looking to withdraw cash? Our primary aim is to keep customers safe and secure, and our branches follow our processes carefully to achieve this.
This will include asking you questions about the purpose of your cash withdrawal: we may also ask for supporting documentation such as an invoice.’
With fraud on the rise, I understand the reasoning. But NatWest is being too heavy-handed.
Customers will not take kindly to being given the third degree every time they drop into a branch to access their own money.