Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

6 comments on “Why Your “Unimportant” Accounts Matter”

  1. Absolutely right, and since there are several excellent free password managers around, there’s no excuse.

    Except there is, and here goes my pet rant : most sites don’t disclose their password rules, and most of them have thoroughly stupid rules. Such as too short passwords, forbidden characters or character sets, compulsory characters or diversity of characters, and so on and so forth.

    So, before setting up a password with my password manager’s generator, I always need to type 1234 etc., into the password field, in order to know at least the length limit. This is a major PITA, and thousands of website administrators should be summarily shot for that.

    Some sites are even more perverted : they allow you to register a 30-character password, for instance, but in fact, the internal limit may be 20 characters. So they either truncate your password (and it works), or… you’re locked out the first time you try to login !

    Again, I think we should bring back the Gestapo, and round up a few hundred suspects, just to teach a lesson to the others.

    Nothing less than no length limit and no character rules at all will do. They have no excuses anymore. It might have been the case 30 years ago, but not with the current technology. At the very least, fix a ridiculously high limit, such as 1 000 characters, that nobody will ever hit.

  2. I am one of those really don’t give a rip users. I use pass word managers and tough PWs for important sites, but could care less about many retailer one web sites that want me create an account. If that account gets compromised, tough luck. Many of those places are a one time need/purchase.
    As for PW managers they don’t work all the time. I am not a good typer so complicated PWs are hard to input. To many web sites don’t allow PW managers to auto fill so the manager must be opened up to copy. Sometimes they overwrite a PW when you fill in “secret” information and they think it a new login. At best PWs are still very primitive and punishment for web sites not protecting your data is far to soft.
    Sorry about the rant.

    • If you made a one-time purchase on a website and you used your credit or debit card, the website might have retained your credit card information to make it easier when you return. Anyone getting into that website would be able to purchase using your credit card. There may be some websites that really don’t matter, but if you stay in the habit of using strong unique passwords, you’ll be better protected. If you use a password manager, they are no more work than long strong unique passwords.

  3. I’m like you Leo. My Hotmail account was my unimportant account until Microsoft began demanding an account for Sign In to a computer instead of the old username and password method. Then it became important so that I don’t get locked out of my entire device. (I’ve since figured how to go back to a plain log in).

    Next, I chose to back up my phone’s pictures to OneDrive instead of Google Photos, so now my Hotmail account is double important. Had a recent scare when I couldn’t get back into the account on my home computer. It asked for verification and would not send the code to either of the two listed backup accounts. Checked next day and got in okay via the work computer, so I hope everything is okay with that account that I never use for important emailing.

    • I had the same experience. I opened a Hotmail account to try it out. I didn’t like it, so I never really used it. Then when Microsoft started requiring a Microsoft account, I started using that account. Of course, if that account had been compromised or vulnerable because of a non-unique password, I could have just opened a new account, but I had a good name on that account, and it eventually became one of the accounts I use.


Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.