|
Thinking about it: You sign in with your email address, right? So if I have your email, and I try to log in as you the "Forgot password" option will send you a OTP to your email address. I'd guess someone amateur is hoping to access your account and that you have "quick buy" (or whatever it's called) set on the account.
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
OriginalGriff wrote: Thinking about it: You sign in with your email address, right?
That is exactly what I was thinking. If that is true, it isn't a great system because then random troublemakers can just keep resetting your amazon acct. Annoying!
|
|
|
|
|
|
I am not saying it's a scam, and I am not saying you aren't intelligent enough to spot one either, but...
I just wanted to say that I have had a few very well faked scam emails claiming to be amazon. They look perfect, just like an official amazon email. The only give away it the URLs when you hover the links.
They are usually something along the lines of being incorrectly charged and I need to confirm my account so a refund can be processed. You know, obvious scam tactics.
Just thought it's worth mentioning as I haven't seen this level of detail in scam emails until recently. I think there was another site too that looked very legit.
|
|
|
|
|
That's a very good point. However, this is related to just trying to sign on to my account at amazon and it instantly says I have to reset my pwd.
|
|
|
|
|
musefan wrote: I have had a few very well faked scam emails claiming to be amazon. They look perfect, just like an official amazon email. The only give away it the URLs when you hover the links.
...and yet, there's Google, who insists that showing URLs "just confuses users".
|
|
|
|
|
That's a favorite: someone has your email address (perhaps hacked from a site); they start hammering sites with your email and "that" hacked pw; then send a "forgot pw" on your behalf; expecting you to eventually cycle around to an "old" pw that they have for you; etc.
I used an Apple Id 10 years ago to download a ebook reader; I still get notices of "request to change pw" from the Apple Store.
I don't use Apple; for anything.
It was only in wine that he laid down no limit for himself, but he did not allow himself to be confused by it.
― Confucian Analects: Rules of Confucius about his food
|
|
|
|
|
Gerry Schmitz wrote: I used an Apple Id 10 years ago to download a ebook reader; I still get notices of "request to change pw" from the Apple Store.
I've never had an Apple ID, yet I get the Apple password reset emails regularly. And PayPal. And banks that don't even exist in my country. And credit card companies I've never dealt with. And...well, you get the idea.
|
|
|
|
|
raddevus wrote:
Hey, companies, you can't just force a password change and not inform the user!! Is there something in print that says they can't? I would suspect that since nothing about the site or its services belong to you, they can do whatever they please with their software/hardware.
"One man's wage rise is another man's price increase." - Harold Wilson
"Fireproof doesn't mean the fire will never come. It means when the fire comes that you will be able to withstand it." - Michael Simmons
"You can easily judge the character of a man by how he treats those who can do nothing for him." - James D. Miles
|
|
|
|
|
David Crow wrote: Is there something in print that says they can't?
Oh, I just meant, "best practices". Sure, they can do whatever they want. And, I'm often reminded of this.
|
|
|
|
|
raddevus wrote: Did anyone else happen to notice if amazon forced a pwd change on them? Never did anything Amazon. Nor Azure.
Not outsourcing the ownership of data.
raddevus wrote: Hey, companies, you can't just force a password change and not inform the user!! You chose that company, instead of hosting and protecting your own data.
Bastard Programmer from Hell
"If you just follow the bacon Eddy, wherever it leads you, then you won't have to think about politics." -- Some Bell.
|
|
|
|
|
Eddy Vluggen wrote: You chose that company, instead of hosting and protecting your own data.
Oh, well, it's just my amazon acct I use for buying books. Just annoying user interaction thing. That's it.
|
|
|
|
|
Be happy that they only "requested" you to change the password.
They could have done as Microsoft and nuke your account because it violated the user agreements (some random "AI" errors).
There have been some people having this, and then... fvcked up. Specially if you use MS Cloud or X-Box accounts. Here in Germany was a case of a guy that got that and could not get access back to his account (containing some hundred or thousand € in games) for months (until some magazines and German Microsoft MVPs started public pressure). Still when just one day the account was again there, no sorry, no explanation... nothing.
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
|
|
|
|
|
Nelek wrote: Still when just one day the account was again there, no sorry, no explanation... nothing.
Wow, that is really terrible. Customer service isn't a thing any more.
|
|
|
|
|
raddevus wrote: Customer service isn't a thing any more. Are we still customers at all?
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
|
|
|
|
|
I had several OTP codes sent to me before 'I' ordered a load of stuff I didn't want or need (iPad shock case, etc). My email address was hacked rather than my Amazon account.... you might want to check that...
|
|
|
|
|
glennPattonWork wrote: I had several OTP codes sent to me before 'I' ordered a load of stuff I didn't want or need (iPad shock case, etc). My email address was hacked rather than my Amazon account.... you might want to check that...
Thanks for letting me know. I think I am ok, since I never received any OTP codes sent to me except the one I finally requested. I think it was a amazon-forced thing but that is really my point...if it is amazon forcing it then amazon should just let me know. Of course they don't.
So you can't tell if you've been hacked or amazon is forcing a reset. It seems like amazon would want you to have more info about which is what, but apparently they dont.
|
|
|
|
|
Under current NIST guidelines, the only time you must change a password is if there is suspicion your account has been hacked. Amazon appears to implement these guidelines.
|
|
|
|
|
obermd wrote: Under current NIST guidelines, the only time you must change a password is if there is suspicion your account has been hacked. Amazon appears to implement these guidelines.
That makes sense to me.
However, why wouldn't amazon send a note saying, "we want you to reset your password, because we think there was suspicious activity." Then I'd at least know why the reset occurred. Instead they just leave me in the dark.
|
|
|
|
|
If calculating a checksum hurts are you being parity bitten?
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
Naturally; the checksum is a poly-nom-ial.
EDIT: corrected grammar
Freedom is the freedom to say that two plus two make four. If that is granted, all else follows.
-- 6079 Smith W.
modified 26-Aug-20 11:25am.
|
|
|
|
|
I going to hash this out amongst my colleagues. That's SHA to get some interesting responses.
Ravings en masse^ |
---|
"The difference between genius and stupidity is that genius has its limits." - Albert Einstein | "If you are searching for perfection in others, then you seek disappointment. If you seek perfection in yourself, then you will find failure." - Balboos HaGadol Mar 2010 |
|
|
|
|
|
... they didn't know if he was dead or alive!
|
|
|
|
|
Surely everyone know that to solve the Schrodinger's cat corundum you need to derive μ ?
|
|
|
|
|
You didn't let him out of the box, I gather!
Anything that is unrelated to elephants is irrelephant Anonymous
- The problem with quotes on the internet is that you can never tell if they're genuine Winston Churchill, 1944
- Never argue with a fool. Onlookers may not be able to tell the difference. Mark Twain
|
|
|
|