TCS - Change Your Password

Change Your Password

by Don Singleton
Tulsa Computer Society
From the March 1999 issue of the I/O Port Newsletter

At the Windows meeting on Jan 18, Bruce Carson told a story of a man who showed businesses how vulnerable they were to someone breaking into their system. The man wrote down the name of the receptionist, called on the phone, asked for her, and said, "This is Charlie Jones down in the data center. We've got a strange problem here. I need to check something. What is your password?" She gave it to him, and in just a minute or two he had logged in and gotten access to their entire network, which shocked the president of the company.

One of the members came up after the meeting and said someone from AoL had called and invited her to change to them for her long distance carrier, and said they needed her password, and she gave it to them. That was ok, wasn't it? No, that was not ok. For one thing, AoL is an Internet Service Provider, not a Long Distance Provider, and although they own a Long Distance Company and could conceivably offer a special price for people who were customers of both companies, they would generally sell their LD Service through the other company. But even if they were going to do it as AoL, they have absolutely no need for your password. Your password should not be given out to anyone, especially someone who calls you on the phone.

I told this member, as soon as she got home, to connect to AoL and change her password. She might want to follow up after that with a voice call to AoL support to report the call, and/or the local police department, but change that password IMMEDIATELY. I hope she did it.

There have been times in Internet Sig meetings where a member would ask me to show them something on their own account, and I have had to ask for their password, but even then, I would not have been offended if they wanted to come up to the front of the room and type it in themselves, where I would never see it. Other people should not know your password.

Your password should not be given out to anyone, especially someone who calls you on the phone. It does not matter who they say they are. I don't care if it is Bill Clinton or Bill Gates. In fact, if either of them should call, I would be ESPECIALLY SUSPICIOUS.

A company should have absolutely NO NEED for your password. If you feel you have to do something, you can ask for a number where you can call them back and see if they will give it to you. If you have a Caller ID unit, check to see if it shows the number they are calling from, and if so, record it. But don't just call back the number they give you. Call the company directly, using whatever number you have printed on your bill, or your documentation, or whatever.






Tulsa Computer Society 3/11/99
Don Singleton, President
djs@ionet.net