Changing password is always a good idea. Do pick a hard-to-guess password, with lots of difficult characters. Then use a password manager to store it in. Not using https only is a problem if somebody is listening in on your connection. If that's the case you have bigger problems than an AW login.
If the problem re-occurs, contact support via the feedback form.
Hi Yuri, all looks well from here; good on you for being vigilant and paying attention to IP address login history, though. There have been no spikes in bandwidth, and no 'spooky' logins or multiple failed attempts. That said, as the folks here have said, it is good practice to change your passwords. You can do that via our biller, GMBill's account lookup. If you have any trouble feel free to submit a support ticket and I can go into more specific, step-by-step detail.
It would seem that someone is trying to hack my account from Gijon and Istanbul - two places I have never visited, nor plan to. I'll probably change my password, but is it possible to find out what they tried to use as a password? I've always considered my password pretty good, but if they're really nowhere near close to being right, is it perhaps a great risk not to change?
philchen, use a random password generator, 10 or more characters, include some special (not az09) as well. Make sure you change both forum and site password, to different passwords. I have both forum and site set to 'remember me'; looking up a password once a year to log in works fine.
Not really, the people in that article were handed encrypted passwords. You first have to get that list. Without it you have to guess the entire password, and most systems allow only 5 login attempts before blocking you at least temporarily.
The article does prove you need different passwords for different sites (and for forum vs site in AW's case). If an md5 hashed password list gets out, yeah that's a problem, but we knew that years ago.
There are better systems, but having everybody buy personal ssl certs to login to a forum or shop wouldn't go over well with most people I think.
For those who are wondering what kind of cryptography system might be out there or some kind of setup that could really ensure virtually no one else but the registered member has access to a site or page, Bloomberg utilises a login system so secure it requires each of its subscribers to carry and use a special card that identifies the subscriber, through the screen by way of the card, at each time of login. The card is sort of the subscriber's unique thumbprint and the card won't work if anybody else held the card up to the screen. One subscriber, one card, one Bloomberg account. About as secure a login procedure as it gets.
I think this stuff is really fascinating; authentication, cryptography, and so on.
That said, in the scheme of security, we're 'average' at abbywinters. All of the sensitive personal data is absolutely separate from your abbywinters.com login, and handled by the much more secure biller. Because of that, the risk posed by a password breach is quite minimal and borne mainly by us. If hackers gain access to a member's abbywinters.com subscription, they get free* porn and no access to sensitive details. Whilst more rigorous systems surely could bring down the incidence of such things, they would also likely infringe greatly upon the usability of the site, especially on less computer-capable members (who themselves also wouldn't notice or appreciate the benefit). All in all we try to aim for a sweet spot between 'locked flyscreen' and 'retinal scan'.
*Nothing is free; they get porn that costs us in bandwidth.
Hi Brent, since I've changed my password they've certainly been busy trying to hack my account. The only thing that has been noticeable is the amount of downloaded material, which is something I've never paid much heed to. I've been on the site longer than my activity on the boards may suggest, but 1200+ GB downloads since 2004 does seem a bit too much to me. So long as they can't check into my personal data I'm happy, though I don't like them "damaging" AW using me, however inadvertent. I think I shall take the advice and change passwords more often. I do like "locked flyscreen" and "retinal scan", though - great imagery! Take care, Phil.