Categories
Customer Service

Why can’t Jo Malone change your account’s email?

This all started, innocently, yesterday as I was going through some online accounts that I have registered to an old email address.

I bought my wife some Jo Malone perfume last year, I think, and, as a result, I now have an account on their site. But, and unfortunately they’re not the only site to do this, they don’t provide a way for you to change your email.

Categories
Customer Service

On Long Passwords

At the moment, I’m having a ‘discussion’ with British Airways on Twitter. Sadly, it’s not the first time I’ve had a similar conversation with a company.

Here’s the initial part of the problem – when you try and change your BA password, it gives you the following guidance for the password…

So, the password has to be at least 6 digits and be numbers and letters. No symbols, mind you, which is a negative point. So, I put in a new password, generated for me. 49 digits no less. It complained…

The password you have supplied is invalid. Passwords need to be at least 6 characters in length and use a mix of letters (English A-Z) and numbers.

But my password did abide by those rules.

Categories
Customer Service

BT and their bizarre attitudes to security

Since late last year I’ve been going through a process of adding complex, long and individual passwords to all my online accounts. I’m still doing it, albeit the less important accounts. Today I looked at bt.com. I don’t use them but still have an account set up from when I used to use them.

Now, by default, I try and use 50-character randomised passwords, complete with numbers and symbols, which are generated by 1Password. Some sites have length limits so this, sometimes, needs adjusting. The BT account page lists no such limitations, so what could go wrong?

Categories
WordPress

Simple security tips for WordPress

At a recent visit to a local WordPress meetup, the question of how we should secure our WordPress websites came up. Not from a business angle, but for regular at-home bloggers.

So, here’s my 2¢ worth.

Categories
WordPress

Is the disclosure of user names and email addresses a weakness?

On the same day that a security researcher released details of a vulnerability in the way WordPress deals with password resets, I too reported a security issue. Well, more of a concern.

For a while I’ve noticed that more and more sites are not telling you, when you do a password reset, if the email you’ve entered is valid or not. They’ll, instead, give you a message along the lines of “if that email is valid, we will send you details on how to reset your password”. That way you can’t use the password reset feature to fish for people’s emails.

But WordPress doesn’t do that. Enter a user name or password and it will tell you if it was valid or not.