Exreme Security Annoys me a lot.

[Geek-9pm]

Hey Google!
Hey Microsoft!
Please stop annoying me with you bogus security stuff.
Uf I can not use it, it has no value at all!
It has taken be two days to get my wife's Microsoft account fixed. It should not have taken 5 minuets . OK, I am slow, so maybe ten minuets.

Just now I got the same hassle with a Google account. After a big fuss, it asked me to change my password without any evidence that the password was compromised. It was unbelievable. It sent me a text message that was blank. So then i called me and I got a mechanical voice that gave be six digest. Took twice to get that right.

Am I the only one? Maybe not.

Most Annoying Security Request
How about you?    

[BC_Programmer]

Wasn't your system demonstrably compromised by trojan backdoors a month ago, which resulted in your Amazon account being compromised?

[MichaelNyby]

Good catch there, BC_Programmer, but Geek-9pm does bring up a situation that I suspect many have some sympathy with.

The thing about a lot of the security notices all sorts of companies program is the language is sort of machine-like when actually the message is supposed to be for a human.

I worked with -- well, we still have a splinter group -- but it is past tense for me --- anyway, a group at Google that dealt with security and the truth is even inside the company there are those that sort of advocate a little more of a human touch to messages.

The problem is the upper-ranking boss types don't like to start down the road of being sort of more human and less machine-like because they fear where that can lead.  And there is some validity to that line of thought and subsequent management.

It's kind of like when the Gmail was first started and all the neat messages were sent out to new folks and then that just stopped, of course.  Too many customers.  It happens over and over in this business.  Many customers and the language gets curt and easier to duplicate for mutli-situations and so less work needed at the UI side of the job.

This is an awfully weird business.

Heh, BC_Programmer, you remember what C++ was first called?

[MichaelNyby]

Uh oh!  I think I messed up, didn't I?  You aren't complaining about the text of the message, but the message itself, right?  More than one trigger, too.

Well, maybe I can leave the one above still in the thread?  Sorry for the error.

But thinking about the idea of "extreme security" I am sort of lost as I am not so sure I have had a concern about too much, IF I knew something was really wrong.

Now if you are getting bogus security notices, that is a whole different ball game, I think.

Maybe a little more information would be useful.

Why did you conclude that what tripped the Microsoft security software was bogus?

Let's start with Microsoft and then shift to Google.

Again, sorry I didn't properly download your post into my brain, Geek-9pm.  I really thought you were complaining about the language used.

By the way, I think I would lean toward wanting too much security software rather than too little.

Well, I'm not rich, so that might be why.  If I had money to burn I would be less worried about Mr./Ms. Bad Guy/Gal trying to online thieving my money.  I might even look upon it as a weird entertainment.

[BC_Programmer]

In part what I had posted was that I found it ironic that somebody who had clearly been a victim of poor security practices would lament their existence.

Specifically:

Just now I got the same hassle with a Google account. After a big fuss, it asked me to change my password without any evidence that the password was compromised.

From here:

If there’s suspicious activity in your Google Account or we detect that your password has been stolen, we may ask you to change your password. By changing your password, you help make sure that only you can use your account.

As per the thread I referenced. I don't think he ever took the gravity of the compromise of his system seriously. The system was infected with 25 or more pieces of malware which would have most certainly provided access to his account passwords. Running Malwarebytes and assuming the problem was fixed has clearly not worked- Google is asking him to change his password because it has detected malicious activity already, unusual sign-in behaviour (eg. wildly different locations) or detected the password was otherwise compromised.

Assuming, of course, this happens during sign-in. Google won't send E-mails telling people to change their password- That is phishing and is probably somebody trying to get your current password.

Complaining about more or less the "inconvenience of it all" as he is doing here seems to underline to me that he simply isn't taking the problem seriously.

Geek-9pm, My recommendation would be to immediately change all your passwords. I bold immediately because I do not mean to merely add it to your to-do list. It should be a top priority. Change all said passwords and make them unique from each other, too. (If necessary you can always resort to writing the passwords down, that is still better than sharing passwords between services)

Malware compromise means you cannot trust any passwords you changed while the system was infected. Personally I wouldn't trust the computer at all without a clean install, but that is just me. In addition to that sort of compromise, forums and various services often get compromised on their own Sometimes it is announced, sometimes it isn't, but. If you use the same password on various sites and one of them gets compromised then it becomes that much easier to access your accounts elsewhere using the same password.

Furthermore, that information is now often used for attempted extortion. A few weeks ago I got a "scary" E-mail from somebody claiming to be a "hacker" who claimed to know my password and have access to my computer and all my contacts. The password they mentioned was something I used decades ago- I changed it everywhere that mattered entirely because it became part of released "black market" compromised data.

One can see how people who don't take security seriously and who complain about the inconvenience of Google asking them to change their password when their account has been compromised could easily fall victim to those E-mails because the Password being accurate due to never being changed offers legitimacy to the rest of their claims. (Which are the standard nonsense, transfer BTC etc etc blah blah the consequences will be dire etc.)

Heh, BC_Programmer, you remember what C++ was first called?

C with classes, if I've understood the question. Bit of a non-sequiter, though!

[MichaelNyby]

C with classes, if I've understood the question. Bit of a non-sequiter, though!

Very true about that question being off-topic and I am not even sure how or why that thought jumped into my brain.  I suspect a faulty brain due to age.

I do hope that Geek-9pm and his wife do the necessaries to be sure their systems are secure.  The security systems are all there and should be used to good advantage.

[Geek-9pm]

To my best we have in place secure measures.
First thing we limit access to our property. We ignore e-mails fro people we do not know.

Right now I  do have an issues i can not resolve. My modem will not let me log in. And nobody can help me.TYje solution is to get a new modem. Never has the happened before.
It is an ARRIs cable model.

192.168.0.1  is the IP for log in.

It enters a security dialog and will not let me in. 
This started last week.

[MichaelNyby]

I have to do this off the top of my head because other activities are in dire need of continued attention, but that address is a gateway address correct? Now what jumps out at me is your making a previous note about your wife's computer and if you are both using the same modem I smell a problem could arise.  I mean, there are ways to do that, but one has to be sort of careful.  Well, more than "sort of" but I suspect you can get better help from BC_Programmer, which certainly has to be true because I really have to scoot.  My co-admin on one of my sites hasn't seen my log in for many hours and can very likely see I have been busy elsewhere and will be angry at me.  Well, upset more than angry.

Hold up on buying another modem, Geek-9pm.  Please.  it might not be necessary.

[BC_Programmer]

It enters a security dialog and will not let me in.

Do you mean the login you have pictured? That's normal. Most ISPs will put the default credentials on the router. It looks like you've accessed it before. Did you change the password when you did so?

If the password is the default, then it is "password" (no quotes). Otherwise, you can factory reset the modem via a pinhole in the back. That will reset everything back to the default and once it boots back up the password will be "password" to get into the router settings.

[MichaelNyby]

As there was some mention of Gmail in the OP I am going to go ahead and use this thread to ask about something related to Gmail and maybe there will be thoughts some of you might have.

I recall a bit back we were being told by the various Gmail Team folks that the security question thingy was no longer being used as a Gmail type security tool, but recently I have had to access my Gmail accounts from hospitals and other not-normal-workstation locations and one thing that always popped up was either finish the partial showing of your support email account or answer a security question.

I actually tried to remember an answer to one such request to answer the security question and got it wrong and was then able to simply finish the ID of the security email account, or whatever that email account is called.

So what's the deal about that security question?  Has anyone in this community recently opened a new Gmail account and been asked to submit a security question?  I honestly thought those were no longer being used at Google.