Amazon Forces Password Reset For Some Users - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Comments
Amazon Forces Password Reset For Some Users
Threaded  |  Newest First  |  Oldest First
CharlineSau
50%
50%
CharlineSau,
User Rank: Apprentice
11/27/2015 | 11:04:42 AM
Re
Oh, I better change my password then ! 
larryloeb
50%
50%
larryloeb,
User Rank: Author
11/27/2015 | 7:23:47 PM
Re: Re
That would be a very good idea.
jagibbons
50%
50%
jagibbons,
User Rank: Ninja
11/30/2015 | 8:45:37 AM
Re: Re
Better yet, enable 2-factor authentication on your Amazon account. Then, it doesn't really matter if your password gets compromised.
larryloeb
50%
50%
larryloeb,
User Rank: Author
11/30/2015 | 9:08:05 AM
Re: Re
Yes a good idea as well
jagibbons
50%
50%
jagibbons,
User Rank: Ninja
11/30/2015 | 9:09:34 AM
Re: Re
I would recommend that users enable 2-factor authentication anytime it's available from a provider. That's a relatively simple step that reaps huge gains in security of personal and financial data.
larryloeb
50%
50%
larryloeb,
User Rank: Author
11/30/2015 | 9:54:32 AM
Re: Re
Sure if they have a device that can use something like Google Authentcator. The problem is that not everyone has such a device.
jagibbons
50%
50%
jagibbons,
User Rank: Ninja
11/30/2015 | 9:56:20 AM
Re: Re
All 2-factor services I've seen also allow users to receive codes via SMS. Just about everyone can receive a text message. That's the fallback if the device with the authenticator app isn't available or isn't synced properly anyway.
larryloeb
50%
50%
larryloeb,
User Rank: Author
11/30/2015 | 10:39:13 AM
Re: Re
Ok but that allows a mitm with the carrier as the point of failure. Like if a Stingray device was in use. Not that it's likely you understand, but possible. I just don't think any security method can always be relied on, even something like MFA
jagibbons
50%
50%
jagibbons,
User Rank: Ninja
11/30/2015 | 10:46:18 AM
Re: Re
Agreed that no system removes all possible failure points. The goal is to reduce failure points to the minimum that is acceptable for each situation. Passwords are not a good means of securing anything, and they haven't been for years. While specific individuals may feel comfortable that they are using sufficiently complex passwords, changing them often enough and using each password in only one place, that doesn't describe the vast majority of the population.

The text coming to me might get copied by a Stingray type of device, but someone would still need my password at the same point in time. The code expires within a minute or so, so timing is critical.

The advantage of multifactor authentication is that at least two avenues must be compromised at the same time in order to gain access. It's not going to protect 100%, but it certainly reduces the likelihood of a breach down to considerably less than 1%. If someone doesn't have a smartphone and can't use an authenticator app, then SMS is the option. It may not be hack-proof, but it certainly makes the job a lot harder for someone to get unauthorized access.
larryloeb
50%
50%
larryloeb,
User Rank: Author
11/30/2015 | 10:56:53 AM
Re: Re
Yes, I agree with your last sentence. it makes it harder to gain entry.
jagibbons
50%
50%
jagibbons,
User Rank: Ninja
11/30/2015 | 10:58:59 AM
Re: Re
That's the goal of pretty much any security improvement, electronic or physical. Nothing is perfectly safe, so we have to settle for getting as close as we can. The harder I am to hack, the more likely someone will pick an easier target. I can't stop the hacker, but I can try to keep the target off of me.
larryloeb
50%
50%
larryloeb,
User Rank: Author
11/30/2015 | 11:06:24 AM
Re: Re
I personally like to hunt them down and destroy their hardware with an axe.

But, that's just me.

<g>
jagibbons
50%
50%
jagibbons,
User Rank: Ninja
11/30/2015 | 11:07:26 AM
Re: Re
All in favor of that as well. :)


The State of IT & Cybersecurity Operations 2020
The State of IT & Cybersecurity Operations 2020
Download this report from InformationWeek, in partnership with Dark Reading, to learn more about how today's IT operations teams work with cybersecurity operations, what technologies they are using, and how they communicate and share responsibility--or create risk by failing to do so. Get it now!
Commentary
Gartner Forecast Sees 7.3% Shrinkage in IT Spending for 2020
Joao-Pierre S. Ruth, Senior Writer,  7/15/2020
Slideshows
10 Ways AI Is Transforming Enterprise Software
Cynthia Harvey, Freelance Journalist, InformationWeek,  7/13/2020
Commentary
IT Career Paths You May Not Have Considered
Lisa Morgan, Freelance Writer,  6/30/2020
Register for InformationWeek Newsletters
Video
Current Issue
Key to Cloud Success: The Right Management
This IT Trend highlights some of the steps IT teams can take to keep their cloud environments running in a safe, efficient manner.
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll