on 03-02-2020 17:31
On two occasions jan and Feb 2020 the password failed on my virgin secondary email login,had to reset using security question. It is the email address used for community. There was nothing wrong but not sure why password failed for no apparatus reason. It ia a virginmedia.com email. Is there a way to ensure the 10 digit password is strong, I normally use upper and lower case letters and some numbers, what are the restrictions if any, I assume symbols not allowed. When the failures occurred I tried several times retyping user name and paswords to check my typing, same result failed.
Can 10 letters be used or is it best to include some numbers which I do, but an example of a very strong 10 digit password would be useful, I presume best to avoid words in case of dictionary attack or names, birthdays etc.
I suppose at the time the virgin log in may have been down temorarily but it said wrong details entered but the password reset worked and let me in.
.
Answered! Go to Answer
on 16-09-2020 17:07
newappolo
thanks for the very clear explanation, I now fully understand this and the use of the keep me signed in button in the sign in box, I think I was confused by this and the security is not compromised provided one would be happy to store some passwords for convenience.
I do not save my passwords generally to the browser so happy to log in each time but may set up auto log in and try that out.
I have had similar issues before with other companies, some restrict login unless it is saved to the browser on each machine or take you through full security if 2 step is activated like facebook, and often locks you out if it does not recognise the computer.
As I use both chrome and edge I presume it could be set up in both browsers, chrome is better with less connection problems I find.
As I have several laptops and a tablet, each would require setting up for auto login if required as you advise.
Another one solved by the community thanks,
ALF28
on 07-10-2020 12:11
passwords
5 x leaked passwords connected to my ntlworld email address (online check avast)
where the virgin email is used to open other accounts with companies I always use different passwords avoiding duplication
My primary virgin email is secure but other company accounts using the same email address can be hacked.
I did a hacked password check on my ntlworld.com email address
MY email ntlworld.com has 5 leaked password (associated with the my primary ntlworld.com email)
1. myheritage --- 2017 encrypted
2. linkedin/myspace unknown password 2020, originally hacked 2012 passwords displayed on internet 2016 so closed linked in, so unsure why it quotes 2020 but did open a new linkedin account 2020 but not with the leaked password, no account with myspace
3.unknown password 2017 is known to me but dates back 12 years and used with a different email provider (work email)- this one used for blackmail emails to my ntlworld primary email, the work email is now defunct, unusual that this is still used by scammers.
4. unknown 8 digit password 2017 not recognised account unknown
5. unknown 8 digit password 2019 not recognised account unknown
conclusions-
accounts set up by others in some cases using my email, this did occur as my data was posted online
hackers having access to several emails by hacking emails and collecting addresses
computer hacking/malware obtaining email data/passwords
may have open accounts and forgot to record the details in the past-more than possible
being subscribed to newsletters by spammers/hackers, Scraped data used for marketing
unauthorised access by third parties or trackers etc.
I have not used any of these passwords for my virgin login, just external companies
comments-
odd that some passwords not known to me, only one out of 4 recognised and the 2020 password unusual and not a recent one that I use.
Also happens with gmail but only one password leaked unknown encrypted but also gmail recently getting subscribed to technical newsletters via amazonaws.
the internet is not a safe place anymore, getting worse.
alf28
on 08-10-2020 11:38
HACKERS- linked email accounts-keep password updated
Hackers can easily get access to contacts including your own emails or relatives, friends etc
emails are often linked when messages sent between often as test emails, best to review contacts/emails and delete out.
The recent introduction of 2 step security does help to prevent hackers using the contacts but not all companies use 2 step verification.
I had an astonishing thing happen in 2015, just noticed this today clearing out old emails, where gmail email folder was moved between two email accounts moving from my gmail email to my wife's email, I would not know how to do that but needs to be imported or a wizard but only one folder, emails in my wife gmail email in wrong folders also as if hacker messing about.I am changing the password on my wife,s gmail.
The folder that was moved was for the company Wickes (diy) after I did online orders. I see no reason for the folder to move to the wrong email, but at times all my gmails were probably hacked. It was hidden as a sub folder of an existing family folder???
If someone has had email access via hacking or server hacking they may have all my contacts and email addresses linked.
If a password is leaked, then a hacker could access any account over many years or until password is changed without me knowing.
In my own particular case the hacking started in 2015 and continues and I may be someone who actually is known to me.
The message is -CHANGE PASSWORDS OFTEN ,do not keep same password for many years , I am guilty of this but hard to keep track as I have many online accounts
If folders and emails start to "move" about it is an indication hackers have access to the email password.
May be best also not to link email accounts to protect data.
No action required by virgin.
on 10-10-2020 09:14
settings- security
If web mail only is used it should be possible to switch off imap and pop to prevent hackers using third party applications-email clients to try to hack email.
I have seen an imap setting in virgin mail but it only switches off folder access which prevent even me reading my folders in web mail.
In gmail for example both pop and imap can be disabled for better security if only web mail is used.
alf28
10-10-2020 11:34 - edited 10-10-2020 11:41
newsletters-fake
latest one is for a catalogue online company I use
very slight difference in the sender address (one word missing) but look very genuine, exact copy but from fake senders/hackers
sent out to many email providers and is filtered to spam, I have had it twice to different emails.
at the same time my password stopped working and can not reset yesterday, same today.
The web page is still there but the whole site is down, no on can log in.
alf28
on 10-10-2020 11:47
postings -behaving strange today,
previous post suddenly appeared in a new post, post done elsewhere posted ok but during a new post the previous post re-appeared as if post failed so clicked post and post became part of my new post which I then posted so had to edit/delete older post from new post.-
not had that happen before, perhaps a glitch but all ok now. weird happenings.
alf28
on 12-10-2020 05:37
@ALF28 wrote:what is auto sign in????
on my computer I always input user name and password to log in, so how does auto sign in work and if I can not switch it off is this a security risk.
seems no one has an answer to this one????
why provide the option if it does not function? is it linked to the radio button at log in?
where are the experts??? perhaps they do not know the answer either???
is this a temp glitch?
any one else got it or just me??
If it is not switched off , and can not be switched off, does that mean access to my account is open and nor secure?
Automatic login means that the "Cookie" stored when you logged in will use a "Session ID" token to log you in with future visits. Sites are generally tied to the IP and the Hardware information, so if your IP changes or you try copying the "Cookie" to another computer then the site would force you to log in again. Your Password and Username should never be stored by the website (it's possible but really unlikely). Delete all your cookies and it will "log you out". Be aware this is different than the browser storing the login details, cookie or not the browser can be set to remember the username and password.
I can see you have a lot of concerns going by your other post. Let me say this, a google or darkweb search of your email will bring up a lot of listings. The avast search seems to be a bit meh... I have a few accounts that have had leaks happen and the avast search doesn't pick up on any of them, Avast are big with ad-pushing so expect a load of ads. https://haveibeenpwned.com/ has been around a lot longer and might be of more use to you. If Avast are sharing whole passwords with you then that's bad and they should be ashamed. As you mention, having an email account stolen is bad, but what if Avast now sends a stolen email account a list of all passwords leaked with that email account and sites used - that can now be reset. You should look at the list and if it shows a password you use stop using it, sites that it list you should at a minimum reset the passwords to (if they are legit sites you have used).
Virgin media should introduce 2FA into password resets, even if a option that must be enabled, shame on them and their lax security design. I imagine it's because they would have a difficult time training the staff to support it, and have a difficult time with customers that struggle to use it.
"Hacking" users is really quite rare, yes some papers will say that a "hack" is attempted every 30 seconds, and that's likely true. With 4.5 billion people on the internet then you can see that 1 million people getting "hacked" every year really isn't a biggie (assuming every attempt was against a person, and every one was a success). Most hacks are against large companies and most of those are failures. Small sites tend to be "hacked" often enough for one to be concerned, but as you point out - don't use the same password(s).
In regards to Gmail allowing disabling of IMAP and POP, be aware it still allows IMAP and POP but you log in using OAuth2 instead (the hosting packages are different). What Google does have good is the ability to see (and disconnect) devices, and see historical usage such as the devices and IP addresses that were used to sign in. Virgin doesn't have this ability at all and they should.
If your really concerned then you could open a email account with someone else (that offers 2FA or 3FA) or even logging in with a FIDO key (Yubikey, Google Titan, few others - avoid Bluetooth). A FIDO based password manager.
Be aware that just because a search brings up your email address, it doesn't mean much unless they have the password to go with it. In the old days spammers would target every email address - and the mail servers would respond by saying user doesn't exist. so a@vm.com then aa@vm.com then aaa@vm.com (You get the idea). Sometimes you make a spam list just because it knows the account is real and active. Like the double glazing door knockers that are more persistent if you have 3 cars in the driveway.
on 12-10-2020 12:02
vmcopperuser
thanks for the reply relating to my previous post, found it informative.
I agree 2 step verification is good and vm should start to use it
also agree that account security for vm could be better if connected devices were show and last access/ip
virgin have changed my ip address recently but still reads the old ip address on my google account?? so not up to date.
(posted under my ip address has changed today)
I have already now set up alternative emails with 2 step security for banking etc,
I use the have I been pwned check and the avast identified that my ntlworld.com credentials were listed on 2 marketing company websites hacked lists,I have reset passwords or in one case removed a hacked account mybheritage, but some of the avast data is meaningless and the passwords not recognised.
alternative emails can be also problematic, my gmail address was used by someone else for 9 months, and may have been accessed via a facebook app but all secure now. Also recently I got a debt recovery letter from paypal with a fake name even though I closed my paypal account some time ago, still not resolved paypal will not reply to my email.
I do try to be secure these days and minimise hacking, I have had malware and virus but try to be careful now, the latest scam is hackers use images to install software for browser to track passwords, antivirus software should block most. The 2 step security is very important in addition to passwords to ensure security.
I do regularly clear browser data/cookies and use cc cleaner regularly and do not store passwords usually.
Also I always try to log out as some sites no longer time out so can be logged in for days.
alf28
on 12-10-2020 14:15
MY OLD IP ADDRESS STILL WORKS
3 packets transmitted, 3 received, 0% packet loss, time 2002ms rtt min/avg/max/mdev = 98.796/101.966/107.637/4.035 ms
SO MAY HAVE BEEN GIVEN TO SOMEONE ELSE?
OR IS IT STILL CONNECTING TO MY HUB
REASON FOR MY IP ADDRESS CHANGE AREA 30 UNKNOWN
ALF28
on 12-10-2020 14:22
ALF28,
Forget about Google still showing your old IP address. They actually keep a record of something around the last 10 ip addresses you used.
If they thought you were being compromised they would soon let you know. In fact they usually send an automated email if they see you ahev signed in from a different device/location to normal. They have their own cache which is independent to your browser cache and so may take a while to update and show the new IP address.
You can log into your hub browser and confirm the IP address you have been allocated. 192.168.01.1 Admin > Info > IPv4 address which will correspond with the one you are seeing when looking at the whatismyipaddress website.