thanks for the very clear explanation, I now fully understand this and the use of the keep me signed in button in the sign in box, I think I was confused by this and the security is not compromised provided one would be happy to store some passwords for convenience.
I do not save my passwords generally to the browser so happy to log in each time but may set up auto log in and try that out.
I have had similar issues before with other companies, some restrict login unless it is saved to the browser on each machine or take you through full security if 2 step is activated like facebook, and often locks you out if it does not recognise the computer.
As I use both chrome and edge I presume it could be set up in both browsers, chrome is better with less connection problems I find.
As I have several laptops and a tablet, each would require setting up for auto login if required as you advise.
5 x leaked passwords connected to my ntlworld email address (online check avast)
where the virgin email is used to open other accounts with companies I always use different passwords avoiding duplication
My primary virgin email is secure but other company accounts using the same email address can be hacked.
I did a hacked password check on my ntlworld.com email address
MY email ntlworld.com has 5 leaked password (associated with the my primary ntlworld.com email)
1. myheritage --- 2017 encrypted
2. linkedin/myspace unknown password 2020, originally hacked 2012 passwords displayed on internet 2016 so closed linked in, so unsure why it quotes 2020 but did open a new linkedin account 2020 but not with the leaked password, no account with myspace
3.unknown password 2017 is known to me but dates back 12 years and used with a different email provider (work email)- this one used for blackmail emails to my ntlworld primary email, the work email is now defunct, unusual that this is still used by scammers.
4. unknown 8 digit password 2017 not recognised account unknown
5. unknown 8 digit password 2019 not recognised account unknown
accounts set up by others in some cases using my email, this did occur as my data was posted online
hackers having access to several emails by hacking emails and collecting addresses
Hackers can easily get access to contacts including your own emails or relatives, friends etc
emails are often linked when messages sent between often as test emails, best to review contacts/emails and delete out.
The recent introduction of 2 step security does help to prevent hackers using the contacts but not all companies use 2 step verification.
I had an astonishing thing happen in 2015, just noticed this today clearing out old emails, where gmail email folder was moved between two email accounts moving from my gmail email to my wife's email, I would not know how to do that but needs to be imported or a wizard but only one folder, emails in my wife gmail email in wrong folders also as if hacker messing about.I am changing the password on my wife,s gmail.
The folder that was moved was for the company Wickes (diy) after I did online orders. I see no reason for the folder to move to the wrong email, but at times all my gmails were probably hacked. It was hidden as a sub folder of an existing family folder???
If someone has had email access via hacking or server hacking they may have all my contacts and email addresses linked.
If a password is leaked, then a hacker could access any account over many years or until password is changed without me knowing.
In my own particular case the hacking started in 2015 and continues and I may be someone who actually is known to me.
The message is -CHANGE PASSWORDS OFTEN ,do not keep same password for many years , I am guilty of this but hard to keep track as I have many online accounts
If folders and emails start to "move" about it is an indication hackers have access to the email password.
May be best also not to link email accounts to protect data.
previous post suddenly appeared in a new post, post done elsewhere posted ok but during a new post the previous post re-appeared as if post failed so clicked post and post became part of my new post which I then posted so had to edit/delete older post from new post.-
not had that happen before, perhaps a glitch but all ok now. weird happenings.
on my computer I always input user name and password to log in, so how does auto sign in work and if I can not switch it off is this a security risk.
seems no one has an answer to this one????
why provide the option if it does not function? is it linked to the radio button at log in?
where are the experts??? perhaps they do not know the answer either???
is this a temp glitch?
any one else got it or just me??
If it is not switched off , and can not be switched off, does that mean access to my account is open and nor secure?
Automatic login means that the "Cookie" stored when you logged in will use a "Session ID" token to log you in with future visits. Sites are generally tied to the IP and the Hardware information, so if your IP changes or you try copying the "Cookie" to another computer then the site would force you to log in again. Your Password and Username should never be stored by the website (it's possible but really unlikely). Delete all your cookies and it will "log you out". Be aware this is different than the browser storing the login details, cookie or not the browser can be set to remember the username and password.
I can see you have a lot of concerns going by your other post. Let me say this, a google or darkweb search of your email will bring up a lot of listings. The avast search seems to be a bit meh... I have a few accounts that have had leaks happen and the avast search doesn't pick up on any of them, Avast are big with ad-pushing so expect a load of ads. https://haveibeenpwned.com/ has been around a lot longer and might be of more use to you. If Avast are sharing whole passwords with you then that's bad and they should be ashamed. As you mention, having an email account stolen is bad, but what if Avast now sends a stolen email account a list of all passwords leaked with that email account and sites used - that can now be reset. You should look at the list and if it shows a password you use stop using it, sites that it list you should at a minimum reset the passwords to (if they are legit sites you have used).
Virgin media should introduce 2FA into password resets, even if a option that must be enabled, shame on them and their lax security design. I imagine it's because they would have a difficult time training the staff to support it, and have a difficult time with customers that struggle to use it.
"Hacking" users is really quite rare, yes some papers will say that a "hack" is attempted every 30 seconds, and that's likely true. With 4.5 billion people on the internet then you can see that 1 million people getting "hacked" every year really isn't a biggie (assuming every attempt was against a person, and every one was a success). Most hacks are against large companies and most of those are failures. Small sites tend to be "hacked" often enough for one to be concerned, but as you point out - don't use the same password(s).
In regards to Gmail allowing disabling of IMAP and POP, be aware it still allows IMAP and POP but you log in using OAuth2 instead (the hosting packages are different). What Google does have good is the ability to see (and disconnect) devices, and see historical usage such as the devices and IP addresses that were used to sign in. Virgin doesn't have this ability at all and they should.
If your really concerned then you could open a email account with someone else (that offers 2FA or 3FA) or even logging in with a FIDO key (Yubikey, Google Titan, few others - avoid Bluetooth). A FIDO based password manager.
Be aware that just because a search brings up your email address, it doesn't mean much unless they have the password to go with it. In the old days spammers would target every email address - and the mail servers would respond by saying user doesn't exist. so firstname.lastname@example.org then email@example.com then firstname.lastname@example.org (You get the idea). Sometimes you make a spam list just because it knows the account is real and active. Like the double glazing door knockers that are more persistent if you have 3 cars in the driveway.
---- I do not work for VM, but I would. It is just a Job. Most things I say I make up and sometimes it's useful, don't be mean if it's wrong. I would also make websites for them, because the job never seems to require the website to work.
thanks for the reply relating to my previous post, found it informative.
I agree 2 step verification is good and vm should start to use it
also agree that account security for vm could be better if connected devices were show and last access/ip
virgin have changed my ip address recently but still reads the old ip address on my google account?? so not up to date.
(posted under my ip address has changed today)
I have already now set up alternative emails with 2 step security for banking etc,
I use the have I been pwned check and the avast identified that my ntlworld.com credentials were listed on 2 marketing company websites hacked lists,I have reset passwords or in one case removed a hacked account mybheritage, but some of the avast data is meaningless and the passwords not recognised.
alternative emails can be also problematic, my gmail address was used by someone else for 9 months, and may have been accessed via a facebook app but all secure now. Also recently I got a debt recovery letter from paypal with a fake name even though I closed my paypal account some time ago, still not resolved paypal will not reply to my email.
I do try to be secure these days and minimise hacking, I have had malware and virus but try to be careful now, the latest scam is hackers use images to install software for browser to track passwords, antivirus software should block most. The 2 step security is very important in addition to passwords to ensure security.
I do regularly clear browser data/cookies and use cc cleaner regularly and do not store passwords usually.
Also I always try to log out as some sites no longer time out so can be logged in for days.
Forget about Google still showing your old IP address. They actually keep a record of something around the last 10 ip addresses you used.
If they thought you were being compromised they would soon let you know. In fact they usually send an automated email if they see you ahev signed in from a different device/location to normal. They have their own cache which is independent to your browser cache and so may take a while to update and show the new IP address.
You can log into your hub browser and confirm the IP address you have been allocated. 192.168.01.1 Admin > Info > IPv4 address which will correspond with the one you are seeing when looking at the whatismyipaddress website.
The Service you do for others is the rent you pay for your room here on Earth - Muhammad Ali
I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more
Have I helped? Click to mark as a Helpful Answer or use Kudos to say thanks